5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.954 High
EPSS
Percentile
99.4%
Microsoft Internet Explorer contains a vulnerability in how it processes URLs on Double Byte Character Set (DBCS) systems. This could allow an attacker to spoof the address of a web site.
Microsoft Internet Explorer contains a canonicalization error when it parses special characters in a URL on a DBCS system. A DBCS system represents characters with either a single byte or a double byte code. DBCS is used with some Asian versions of Microsoft Windows. Because of the error in how IE parses URLs on DBCS systems, a web site operator could make it appear that the content from his or her web site actually originated from another site.
By making a malicious web site appear to be a site that the user trusts, an attacker could convince the user to provide sensitive information.
Apply a patch
Apply the patch referenced in MS04-038.
431576
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: October 13, 2004
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see <http://www.microsoft.com/technet/security/bulletin/ms04-038.mspx>
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23431576 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to Microsoft for reporting this vulnerability.
This document was written by Will Dormann, based on the information provided in the Microsoft Security Bulletin.
CVE IDs: | CVE-2004-0844 |
---|---|
Severity Metric: | 1.98 Date Public: |