Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4788


Vulnerability Score 5.0 5.0
CVE Id CVE-2008-4788
Last Modified 22 Jul 2009 12:00:00
Published 29 Oct 2008 11:31:35
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Microsoft Internet Explorer 6 omits high-bit URL-encoded characters when displaying the address bar, which allows remote attackers to spoof the address bar via a URL with a domain name that differs from an important domain name only in these characters, as demonstrated by using to spoof, aka MSRC ticket MSRC7900.

Vulnerable Systems


  • Microsoft Internet Explorer 6


XF - ie-highbit-addressbar-spoofing(46235)

BUGTRAQ - 20081027 Re: Writeup by Amit Klein (Trusteer): Address Bar Spoofing for IE6

BUGTRAQ - 20081027 Writeup by Amit Klein (Trusteer): Address Bar Spoofing for IE6

Last Updated: 27 May 2016 10:48:38