Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4788

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-4788
Last Modified 22 Jul 2009 12:00:00
Published 29 Oct 2008 11:31:35
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-4788

Summary

Microsoft Internet Explorer 6 omits high-bit URL-encoded characters when displaying the address bar, which allows remote attackers to spoof the address bar via a URL with a domain name that differs from an important domain name only in these characters, as demonstrated by using exam%A9ple.com to spoof example.com, aka MSRC ticket MSRC7900.

Vulnerable Systems

Application

  • Microsoft Internet Explorer 6


References

XF - ie-highbit-addressbar-spoofing(46235)

BUGTRAQ - 20081027 Re: Writeup by Amit Klein (Trusteer): Address Bar Spoofing for IE6

BUGTRAQ - 20081027 Writeup by Amit Klein (Trusteer): Address Bar Spoofing for IE6


Last Updated: 27 May 2016 10:48:38