VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Apr 16, 2026

CVE-2004-2219

CVE-2004-2219

Description

Internet Explorer 6 lets attackers spoof the address bar via crafted JavaScript, enabling phishing by falsifying the displayed URL.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Internet Explorer 6 lets attackers spoof the address bar via crafted JavaScript, enabling phishing by falsifying the displayed URL.

Vulnerability

Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via JavaScript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake [1]. Versions prior to the fix are affected.

Exploitation

An attacker can craft a malicious web page that, when visited by a user, runs JavaScript that first sets an invalid URI (e.g., using "javascript:" or similar), modifies the Location field to a fraudulent URL, and then calls history.back to return to the previous domain. The address bar then displays the spoofed URL while the page content is from the attacker’s site [1]. No authentication or user interaction beyond visiting the page is required.

Impact

Successful exploitation allows the attacker to spoof the address bar, making a malicious website appear as a legitimate one. This facilitates phishing attacks by deceiving users into believing they are on a trusted site, potentially leading to disclosure of sensitive information [1].

Mitigation

Microsoft has released a security update for Internet Explorer 6 that addresses this vulnerability. Users should apply the latest updates from Windows Update [1]. No workaround is provided in the available references.

References
  1. About Secunia Research | Flexera

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

5
  • Microsoft/Ie
    cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
  • Microsoft/Internet Explorer4 versions
    cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
    • (no CPE)range: =6

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

6

News mentions

0

No linked articles in our index yet.