Vulnerability Description
Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Internet Explorer | 6.0 |
Related Weaknesses (CWE)
References
- http://www.kb.cert.org/vuls/id/652278Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/archive/1/346948Vendor Advisory
- http://www.us-cert.gov/cas/techalerts/TA04-033A.htmlUS Government Resource
- http://www.zapthedingbat.com/security/ex01/vun1.htmExploitVendor Advisory
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-00
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13935
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://www.kb.cert.org/vuls/id/652278Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/archive/1/346948Vendor Advisory
FAQ
What is CVE-2003-1025?
CVE-2003-1025 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL,...
How severe is CVE-2003-1025?
CVE-2003-1025 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-1025?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Internet Explorer.