CVE-2004-1104
Description
Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page that contains a BASE element that points to the legitimate site, followed by an anchor (a) element with an empty "href" attribute, and a FORM whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL.
Affected products
- Range: 6.0 SP2
Vulnerability mechanics
Root cause
"Microsoft Internet Explorer fails to properly handle specially crafted HTML anchor and form tags."
Attack vector
An attacker can create a web page containing a BASE element pointing to a legitimate site, followed by an anchor tag with an empty href attribute, a FORM element whose action attribute points to a malicious URL, and a submit INPUT element styled to resemble a legitimate URL. This combination tricks the browser into displaying a trusted URL in the status bar while navigating to a malicious site, facilitating phishing attacks [ref_id=1].
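As an added example (not taken from the advisory or its references), the Python below shows how a mail or proxy content filter could flag HTML carrying the element combination described above: a BASE href, a later anchor with an empty href, a FORM whose action resolves to a different host than the BASE, and a submit INPUT. The class name, the `scan` helper and the `.example` hosts in the samples are constructed for illustration, and the check is a heuristic that does not depend on how the elements are nested.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed samples; the .example hosts are placeholders.
SPOOF_SAMPLE = (
    '<base href="https://bank.example/"><a href="">x</a>'
    '<form action="https://collector.example/in">'
    '<input type="submit" value="https://bank.example/login"></form>'
)
BENIGN_SAMPLE = (
    '<base href="https://bank.example/"><a href="">top</a>'
    '<form action="/search"><input type="submit" value="Search"></form>'
)

class BaseFormSpoofDetector(HTMLParser):
    """Flag BASE + empty-href anchor + off-site FORM action + submit INPUT."""

    def __init__(self):
        super().__init__()
        self.base_href = None      # first <base href> seen
        self.empty_anchor = False  # <a href=""> seen after the BASE
        self.offsite_actions = []  # form actions on a host other than BASE's
        self.has_submit = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # HTMLParser lower-cases tag and attribute names
        if tag == "base" and a.get("href") and self.base_href is None:
            self.base_href = a["href"]
        elif tag == "a" and "href" in a and not (a["href"] or "").strip():
            self.empty_anchor = self.empty_anchor or self.base_href is not None
        elif tag == "form" and self.base_href and a.get("action"):
            target = urljoin(self.base_href, a["action"])  # resolve like a browser
            if urlsplit(target).hostname != urlsplit(self.base_href).hostname:
                self.offsite_actions.append(target)
        elif tag == "input" and (a.get("type") or "").lower() == "submit":
            self.has_submit = True

    def findings(self):
        if self.empty_anchor and self.offsite_actions and self.has_submit:
            return {"base": self.base_href, "form_actions": self.offsite_actions}
        return None

def scan(html):
    detector = BaseFormSpoofDetector()
    detector.feed(html)
    detector.close()
    return detector.findings()

if __name__ == "__main__":
    print(scan(SPOOF_SAMPLE), scan(BENIGN_SAMPLE))
```

A relative form action such as `/search` resolves against the BASE host and is not flagged, which keeps ordinary pages that use BASE from producing alerts.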
Affected code
The vulnerability is related to how Microsoft Internet Explorer handles HTML anchor URI tags and form tags. Specifically, the interaction between the BASE element, anchor tags with empty href attributes, and FORM elements with malicious actions is implicated [ref_id=1].
What the fix does
The advisory does not specify a patch or provide details on how the vulnerability is fixed. Remediation guidance suggests updating to a later version of Internet Explorer, implying that the issue was resolved in subsequent releases [ref_id=1].
Preconditions
- input: The user must visit a malicious web page crafted by the attacker.
- network: The attacker must host the malicious web page.
Reproduction
The provided reference includes example HTML code demonstrating the exploit, which can be hosted on a web server for reproduction [ref_id=1].
Generated on Jun 6, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- www.securityfocus.com/bid/11565 (nvd; Exploit, Vendor Advisory)
- www.kb.cert.org/vuls/id/702086 (nvd; Third Party Advisory, US Government Resource)
- secunia.com/advisories/11273 (nvd)
- www.securityfocus.com/archive/1/379903 (nvd)
- www.securityfocus.com/archive/1/425386/100/0/threaded (nvd)
- www.securityfocus.com/archive/1/425883/100/0/threaded (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/17938 (nvd)