Overview
Microsoft Internet Explorer contains a vulnerability in how it processes URLs on Double Byte Character Set (DBCS) systems. This could allow an attacker to spoof the address of a web site.
Description
Microsoft Internet Explorer contains a canonicalization error when it parses special characters in a URL on a DBCS system. A DBCS system represents characters with either a single byte or a double byte code. DBCS is used with some Asian versions of Microsoft Windows. Because of the error in how IE parses URLs on DBCS systems, a web site operator could make it appear that the content from his or her web site actually originated from another site.
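The mixed one-byte/two-byte layout described above is why byte-wise scanning for special characters is unsafe on DBCS text. The following is an added example, not code from this note or from Microsoft, and it does not reproduce the IE flaw itself, whose parsing details the note does not give. It assumes code page 932 (Shift-JIS) as the DBCS encoding; the function names and the sample string are constructed for illustration.

```python
# Added illustration: locating a special character in DBCS-encoded bytes.
# Assumption: code page 932 (Shift-JIS), where a lead byte in 0x81-0x9F or
# 0xE0-0xFC announces a two-byte character whose trail byte may equal an
# ASCII value such as 0x5C (backslash).

BACKSLASH = 0x5C

def is_lead_byte(b: int) -> bool:
    """True if b starts a two-byte character in code page 932."""
    return 0x81 <= b <= 0x9F or 0xE0 <= b <= 0xFC

def naive_find(data: bytes, delim: int) -> list[int]:
    """Byte-wise scan: treats every byte as a complete character."""
    return [i for i, b in enumerate(data) if b == delim]

def dbcs_find(data: bytes, delim: int) -> list[int]:
    """Lead-byte-aware scan: skips the trail byte of two-byte characters."""
    hits = []
    i = 0
    while i < len(data):
        if is_lead_byte(data[i]) and i + 1 < len(data):
            i += 2          # consume lead byte and trail byte together
            continue
        if data[i] == delim:
            hits.append(i)
        i += 1              # single-byte character (or truncated lead byte)
    return hits

# Constructed sample: U+8868 encodes as 0x95 0x5C in code page 932, so its
# trail byte is indistinguishable from a backslash to a byte-wise scanner.
SAMPLE = "\u8868/a\\b".encode("cp932")   # bytes: 95 5C 2F 61 5C 62

if __name__ == "__main__":
    print("bytes     :", SAMPLE.hex(" "))
    print("byte-wise :", naive_find(SAMPLE, BACKSLASH))
    print("DBCS-aware:", dbcs_find(SAMPLE, BACKSLASH))
```

The byte-wise scan reports a backslash inside the two-byte character, while the lead-byte-aware scan reports only the real one; any parser that canonicalizes or splits DBCS input has to walk it the second way.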
Impact
By making a malicious web site appear to be a site that the user trusts, an attacker could convince the user to provide sensitive information.
Solution
Apply a patch
Apply the patch referenced in MS04-038.
Acknowledgements
Thanks to Microsoft for reporting this vulnerability.
This document was written by Will Dormann, based on the information provided in the Microsoft Security Bulletin.
Other Information
CVE IDs: CVE-2004-0844
Severity Metric: 1.98
Date Public: 2004-10-12
Date First Published: 2004-10-13
Date Last Updated: 2004-10-18 16:39 UTC
Document Revision: 8