Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-1025


Vulnerability Score 4.3 4.3
CVE Id CVE-2003-1025
Last Modified 10 Sep 2008 12:00:00
Published 20 Jan 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."

Vulnerable Systems


  • Microsoft Ie 6.0


CERT - TA04-033A

CERT-VN - VU#652278

XF - ie-domain-url-spoofing(13935)


BUGTRAQ - 20031209 Internet Explorer URL parsing vulnerability

MS - MS04-004

Last Updated: 27 May 2016 10:38:08