5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.025 Low
EPSS
Percentile
89.9%
Microsoft Internet Explorer contains a vulnerability in its handling of navigation commands from plug-ins. This could let an attacker spoof the address of a website.
Microsoft Internet Explorer improperly handles navigations from plug-ins, such as ActiveX controls. This improper navigation handling could cause IE to display an incorrect URL in the Address bar. As a result, a web site operator could make it appear that the content from his or her web site actually originated from another site when, in fact, it did not.
This vulnerability could be used to convince a user that the intruder’s web site was actually a web site that the user trusts and might provide sensitive information to.
Apply a patch
Apply the patch referenced in MS04-038.
625616
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: October 13, 2004
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see <http://www.microsoft.com/technet/security/bulletin/ms04-038.mspx>
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23625616 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to Microsoft for reporting this vulnerability.
This document was written by Will Dormann, based on the information provided in the Microsoft Security Bulletin.
CVE IDs: | CVE-2004-0843 |
---|---|
Severity Metric: | 1.98 Date Public: |