CVE-2003-1025 Information

Description

Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a \01\ character before an @ sign in the user@domain portion of the URL which hides the rest of the URL including the real site in the address bar aka the \Improper URL Canonicalization Vulnerability.\

Reference

http://www.kb.cert.org/vuls/id/652278 http://www.securityfocus.com/archive/1/346948 http://www.us-cert.gov/cas/techalerts/TA04-033A.html http://www.zapthedingbat.com/security/ex01/vun1.htm https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004 https://exchange.xforce.ibmcloud.com/vulnerabilities/13935 ie-domain-url-spoofing(13935) https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A490 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A491 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A510 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A511 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A512 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A513 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A526