CVE-2004-0526

Current Description

Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.

Basic Data

Published: August 06, 2004
Last Modified: July 11, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 5.0
Severity: MEDIUM
Exploitability Score: 10.0
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
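    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Microsoft | Ie | 5.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Microsoft | Ie | 5.0.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Microsoft | Ie | 5.0.1 | sp1 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Microsoft | Ie | 5.0.1 | sp2 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Microsoft | Ie | 5.0.1 | sp3 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Microsoft | Ie | 5.0.1 | sp4 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Microsoft | Ie | 5.5 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Microsoft | Ie | 5.5 | sp1 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Microsoft | Ie | 5.5 | sp2 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Microsoft | Ie | 6.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Microsoft | Ie | 6.0 | sp1 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Microsoft | Outlook | 97 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Microsoft | Outlook | 98 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Microsoft | Outlook | 2000 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Microsoft | Outlook | 2000 | sp2 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Microsoft | Outlook | 2000 | sp3 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Microsoft | Outlook | 2000 | sr1 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Microsoft | Outlook | 2002 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Microsoft | Outlook | 2002 | sp1 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Microsoft | Outlook | 2002 | sp2 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Microsoft | Outlook | 2002 | sp3 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Microsoft | Outlook | 2003 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Microsoft | Outlook Express | 4.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Microsoft | Outlook Express | 4.01 | sp2 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Microsoft | Outlook Express | 4.27.3110 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Microsoft | Outlook Express | 4.72.2106 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Microsoft | Outlook Express | 4.72.3120.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Microsoft | Outlook Express | 4.72.3612 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Microsoft | Outlook Express | 5.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Microsoft | Outlook Express | 5.0.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Microsoft | Outlook Express | 5.5 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Microsoft | Outlook Express | 6.0 | * | * | * | * | * | * | * | | | | |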

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Outlook Express | 4.0, 4.01, 4.27.3110, 4.72.2106, 4.72.3120.0, 4.72.3612, 5.0, 5.0.1, 5.5, 6.0 |
| Microsoft | Outlook | 2000, 2002, 2003, 97, 98 |
| Microsoft | Ie | 5.0, 5.0.1, 5.5, 6.0 |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| 20040517 Microsoft Internet Explorer ImageMap URL Spoof Vulnerability | BUGTRAQ | http://archives.neohapsis.com/archives/bugtraq/2004-05/0161.html | |
| 20040510 DEEP SEA PHISHING: Internet Explorer / Outlook Express | BUGTRAQ | http://marc.info/?l=bugtraq&m=108422905510713&w=2 | |
| http://www.kurczaba.com/securityadvisories/0405132poc.htm | MISC | http://www.kurczaba.com/securityadvisories/0405132poc.htm | |
| 10308 | BID | http://www.securityfocus.com/bid/10308 | Exploit, Vendor Advisory |
| ie-ahref-url-spoofing(16102) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/16102 | |