Microsoft IE Double Byte Character Set Address Bar Spoofing

2004-10-12T17:18:16
ID OSVDB:10706
Type osvdb
Reporter OSVDB
Modified 2004-10-12T17:18:16

Description

Vulnerability Description

Internet Explorer flaw that may allow a malicious user to spoof an address in a user's address bar. The issue is triggered when Internet Explorer attempts to parse special characters in double byte character systems. It is possible that the flaw may allow the attacker to spoof a trusted web site resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft Corporation has released a patch to address this vulnerability.

Short Description

Internet Explorer flaw that may allow a malicious user to spoof an address in a user's address bar. The issue is triggered when Internet Explorer attempts to parse special characters in double byte character systems. It is possible that the flaw may allow the attacker to spoof a trusted web site resulting in a loss of integrity.

References:

Security Tracker: 1011643 Secunia Advisory ID:12806 Related OSVDB ID: 10708 Related OSVDB ID: 10709 Related OSVDB ID: 10710 Related OSVDB ID: 10705 Related OSVDB ID: 10704 Related OSVDB ID: 10707 Microsoft Security Bulletin: MS04-038 Microsoft Knowledge Base Article: 834707 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-11/0386.html ISS X-Force ID: 17652 ISS X-Force ID: 17651 CVE-2004-0844