Info

Disclosure

Oct 12, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Internet Explorer flaw that may allow a malicious user to spoof an address in a user's address bar. The issue is triggered when Internet Explorer attempts to parse special characters in double byte character systems. It is possible that the flaw may allow the attacker to spoof a trusted web site resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft Corporation has released a patch to address this vulnerability.

Products

Microsoft Corporation	Internet Explorer	5.01 SP3
		5.01 SP4
		5.5 SP2
		6.0
		6.0 SP1

References

Security Tracker: 1011643
Related OSVDB ID: 10704 10705 10707 10708 10709 10710
Secunia Advisory ID: 12806
ISS X-Force ID: 17651 17652
CVE ID: 2004-0844 (see also: NVD)
Microsoft Knowledge Base Article: 834707
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-11/0386.html
Microsoft Security Bulletin: MS04-038

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/10706