New Search

IE v6.0 Improper URL Canonicalization Vulnerability

oval:org.mitre.oval:def:512

Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL which hides the rest of the URL including the real site in the address bar aka the "Improper URL Canonicalization Vulnerability."

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows XP
Class:
vulnerability
Reference(s):
  • CVE-2003-1025
Product(s):
  • Microsoft Internet Explorer