Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4787

Overview

Vulnerability Score 5.8 5.8
CVE Id CVE-2008-4787
Last Modified 08 Sep 2009 12:00:00
Published 29 Oct 2008 11:31:35
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-4787

Summary

Visual truncation vulnerability in Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar via a URL with a hostname containing many   (Non-Blocking Space character) sequences, which are rendered as whitespace, aka MSRC ticket MSRC7899, a related issue to CVE-2003-1025.

Vulnerable Systems

Application

  • Microsoft Internet Explorer 6


References

XF - ie-nbsp-addressbar-spoofing(46234)

BID - 31960

BUGTRAQ - 20081027 Re: Writeup by Amit Klein (Trusteer): Address Bar Spoofing for IE6

BUGTRAQ - 20081027 Writeup by Amit Klein (Trusteer): Address Bar Spoofing for IE6


Last Updated: 27 May 2016 10:48:38