Microsoft IE Plug-in Navigation Address Bar Spoofing

2004-10-12T17:18:16
ID OSVDB:10707
Type osvdb
Reporter OSVDB
Modified 2004-10-12T17:18:16

Description

Vulnerability Description

Internet Explorer contains a flaw that may allow a malicious user to spoof an address in a user's address bar. The issue is triggered when the victim visits a specially crafted web page and the Plug-in Navigation does not properly handle the request. It is possible that the flaw may allow the attacker to spoof a trusted web site resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft Corporation has released a patch to address this vulnerability.

Short Description

Internet Explorer contains a flaw that may allow a malicious user to spoof an address in a user's address bar. The issue is triggered when the victim visits a specially crafted web page and the Plug-in Navigation does not properly handle the request. It is possible that the flaw may allow the attacker to spoof a trusted web site resulting in a loss of integrity.

References:

Security Tracker: 1011644 Secunia Advisory ID:12806 Related OSVDB ID: 10708 Related OSVDB ID: 10709 Related OSVDB ID: 10710 Related OSVDB ID: 10705 Related OSVDB ID: 10704 Related OSVDB ID: 10706 Microsoft Security Bulletin: MS04-038 Microsoft Knowledge Base Article: 834707 Keyword: Plug-in Navigation Address Bar Spoofing Vulnerability ISS X-Force ID: 17655 CVE-2004-0843 CIAC Advisory: p-006