Microsoft Internet Explorer contains a vulnerability in how it processes URLs on Double Byte Character Set (DBCS) systems. This could allow an attacker to spoof the address of a web site.
Microsoft Internet Explorer contains a canonicalization error when it parses special characters in a URL on a DBCS system. A DBCS system represents characters with either a single byte or a double byte code. DBCS is used with some Asian versions of Microsoft Windows. Because of the error in how IE parses URLs on DBCS systems, a web site operator could make it appear that the content from his or her web site actually originated from another site.
By making a malicious web site appear to be a site that the user trusts, an attacker could convince the user to provide sensitive information.
Apply a patch
Apply the patch referenced in MS04-038.
Thanks to Microsoft for reporting this vulnerability.
This document was written by Will Dormann, based on the information provided in the Microsoft Security Bulletin.
|Date First Published:||2004-10-13|
|Date Last Updated:||2004-10-18 16:39 UTC|