CVE-2004-0528

Netscape Navigator 7.1 - Embedded Image URI Obfuscation

Severity Score

5.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Netscape Navigator 7.1 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.

Netscape Navigator 7.1 permite a atacantes remotos suplantar URL legítimas en la barra de estado mediante etiquetas A HREF con valores "alt" modificados que apuntan al sitio legítimo, combinado con un mapa de imagen cuyo HREF apunta al sitio malicioso, lo que facilita ataques de suplantación para robo de datos (phising)".

*Credits: N/A

CVSS Scores

NISTv2 5.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2004-05-19 First Exploit
2004-06-03 CVE Reserved
2004-06-08 CVE Published
2024-08-08 CVE Updated
2024-11-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (4)

URL	Tag	Source
http://www.osvdb.org/6580	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/16102	Vdb Entry

URL	Date	SRC
https://www.exploit-db.com/exploits/24137	2004-05-19
http://www.securityfocus.com/bid/10389	2024-08-08

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Netscape Search vendor "Netscape"		Navigator Search vendor "Netscape" for product "Navigator"				7.1 Search vendor "Netscape" for product "Navigator" and version "7.1"		-		Affected