Vulnerability Note VU#652278
Microsoft Internet Explorer does not properly display URLs
Microsoft Internet Explorer does not properly display the location of HTML documents. An attacker could exploit this behavior to mislead users into revealing sensitive information.
Web browsers frequently display the Uniform Resource Locator (URL) in the address bar. Users expect this information to indicate the source of the current browser frame. Microsoft Internet Explorer (IE) does not properly display URLs that contain certain non-printable characters. IE may connect to one address but display a different address.
Per RFC 2396, the URL scheme for HTTP is represented as
An attacker could convince a user that they were viewing a legitimate site when in fact they are visiting a site controlled by the attacker. The attacker could use additional social engineering techniques to trick the victim into disclosing sensitive information such as credit card numbers, account numbers, and passwords.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||09 Dec 2003||02 Feb 2004|
CVSS Metrics (Learn More)
This vulnerability was publicly reported by Zap The Dingbat.
This document was written by Art Manion and Shawn Hernan.
- CVE IDs: CAN-2003-1025
- Date Public: 09 Dec 2003
- Date First Published: 19 Dec 2003
- Date Last Updated: 17 Feb 2004
- Severity Metric: 14.29
- Document Revision: 65
If you have feedback, comments, or additional information about this vulnerability, please send us email.