Microsoft Internet Explorer 6.0 SP2 allows remote malicious users to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page that contains a BASE element that points to the legitimate site, followed by an anchor (a) element with an empty "href" attribute, and a FORM whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft ie 6.0 |