Strix
26.1K

CVE-2004-0526

UnknownEPSS 17.25%

Last modified

CVE-2004-0526 is a vulnerability of currently unknown severity. Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.. EPSS estimates a 17.25% chance of exploitation in the next 30 days.

Description

Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.

Metrics

EPSS Probability
17.25%

96.7th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersionsUpdate
MicrosoftIe6.0Sp1
MicrosoftInternet Explorer5.0
MicrosoftInternet Explorer5.0.1
MicrosoftInternet Explorer5.5
MicrosoftInternet Explorer6.0
MicrosoftOutlook97
MicrosoftOutlook98
MicrosoftOutlook2000
MicrosoftOutlook2002
MicrosoftOutlook2003
MicrosoftOutlook Express4.0
MicrosoftOutlook Express4.01Sp2
MicrosoftOutlook Express4.27.3110
MicrosoftOutlook Express4.72.2106
MicrosoftOutlook Express4.72.3120.0
MicrosoftOutlook Express4.72.3612
MicrosoftOutlook Express5.0
MicrosoftOutlook Express5.0.1
MicrosoftOutlook Express5.5
MicrosoftOutlook Express6.0

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2004-0526?
Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.
How severe is CVE-2004-0526?
Severity scoring for CVE-2004-0526 is pending analysis. The EPSS model estimates a 17.25% probability of exploitation in the next 30 days.
How do I fix CVE-2004-0526?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2004-0526?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST