Vulnerability Note VU#580299
Microsoft Internet Explorer contains URL decoding cross-domain vulnerability
A URL decoding vulnerability in Microsoft Internet Explorer may allow remote attackers to bypass zone security restrictions and execute arbitrary code on affected systems.
IE uses a cross-domain security model to maintain separation between browser frames from different sources. This model is designed to prevent code in one domain from accessing data in a different domain. The Internet Security Manager Object determines which zone or domain a URL exists in and what actions can be performed.
An attacker may encode the host portion of a URL in a way that results in Internet Explorer evaluating content under the wrong security domain. The URL may contain special characters that are encoded twice, resulting in Internet Explorer evaluating a document on the remote server as belonging to the "My Computer" zone (Local Machine Zone). Internet Explorer may then allow arbitrary code to be executed due to less restrictive permissions in the Local Machine Zone.
Remote attackers may be able to execute arbitrary code with the privileges of a user running Internet Explorer. Attackers may also be able to perform cross-site scripting attacks and mislead users by displaying spoofed URLs. To exploit this vulnerability, the attacker must convince the user to visit a malicious web page.
Apply an update
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||08 Feb 2005||08 Feb 2005|
CVSS Metrics (Learn More)
Thanks to the Microsoft Corporation for reporting this vulnerability, who in turn credit Jouko Pynnönen with reporting the information.
This document was written by Ken MacInnis based primarily on information provided by the Microsoft Corporation.
- CVE IDs: CAN-2005-0054
- Date Public: 08 Feb 2005
- Date First Published: 08 Feb 2005
- Date Last Updated: 14 Jun 2005
- Severity Metric: 35.10
- Document Revision: 23
If you have feedback, comments, or additional information about this vulnerability, please send us email.