PT-2004-2435 · Microsoft · Internet Explorer

Keigo Yamazaki · Published 2004-12-31 · Updated 2021-07-23 · CVE-2004-1527

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Microsoft Internet Explorer version 6.0 SP1

Description

The issue arises from the improper handling of certain character strings in the Path attribute, allowing remote attackers to modify cookies in other domains. This can occur when the attacker's domain name is within the target's domain name or when wildcard DNS is being used, enabling the hijacking of web sessions.

Recommendations

For Microsoft Internet Explorer version 6.0 SP1, consider applying configuration changes to restrict cookie access to prevent session hijacking until a proper fix is available. As a temporary workaround, restrict the use of wildcard DNS to minimize the risk of exploitation.

Fix

Related identifiers

CVE-2004-1527

Affected products

Internet Explorer