- Description
- Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 2.6
- Impact score
- 2.9
- Exploitability score
- 4.9
- Vector string
- AV:N/AC:H/Au:N/C:N/I:P/A:N
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A"
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6"
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A"
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783"
}
],
"operator": "OR"
}
]
}
]