CVE-2003-1025
Microsoft Internet Explorer 5/6 / Mozilla 1.2.1 - URI Display Obfuscation
- Severity Score: 4.3 (CVSS v2)
- Exploit Likelihood (EPSS):
- Affected Versions (CPE):
- Public Exploits: 4 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."
Internet Explorer 6, and possibly other versions, allows remote attackers to spoof the domain of a URL via a "%01" character before an "@" (at sign) character in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar.
*Credits:
N/A
Timeline
- 2003-12-09 First Exploit
- 2004-01-06 CVE Reserved
- 2004-01-06 CVE Published
- 2024-08-08 CVE Updated
- 2024-11-03 EPSS Updated
CWE
- CWE-20: Improper Input Validation
References (16)
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/23422 | 2003-12-09 | |
https://www.exploit-db.com/exploits/23423 | 2003-12-09 | |
https://www.exploit-db.com/exploits/23465 | 2003-12-23 | |
http://www.zapthedingbat.com/security/ex01/vun1.htm | 2024-08-08 | |
http://www.securityfocus.com/archive/1/346948 | 2021-07-23 | |
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004 | 2021-07-23 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Microsoft | Internet Explorer | 6.0 | - | Affected |