CVE-2004-1527

medium

Microsoft

CVSS v3 Base Score

5.0

AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS Score

0.4%

Exploitation probability in 30 days

Top 38% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Confidentiality

None

Integrity

Availability

None

Published: December 31, 2004 (7804 days ago)

Last Modified: April 16, 2026

Vendor: Microsoft

Source: NVD

Description

Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker's domain name is within the target's domain name or when wildcard DNS is being used, which allows remote attackers to hijack web sessions.

CWE

NVD-CWE-Other

References

🔗 marc.info 🔗 secunia.com 🔗 www.lac.co.jp 🔗 www.securityfocus.com 🔗 exchange.xforce.ibmcloud.com

CVE-2004-1527

Vulnerability Report

Description

CWE

References