Intrusion Prevention

MS.IE.Address.Bar.History.Spoofing

Description

Microsoft Internet Explorer has a Cross-site scripting (XSS) vulnerability. A remote attacker could spoof a trusted Web page by altering the URL that is displayed in the Internet Explorer address bar. This can be accomplished via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain.

Affected Products

Microsoft Internet Explorer 6.0

Impact

Cross-site scripting.

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.
http://www.microsoft.com

CVE References

CVE-2004-2219