Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page that contains a BASE element that points to the legitimate site, followed by an anchor (a) element with an empty href attribute, and a FORM whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ie | Microsoft | 6.0-sp2 (including) | 6.0-sp2 (including) |