Overview
Microsoft Internet Explorer contains a vulnerability in its handling of navigation commands from plug-ins. This could let an attacker spoof the address of a website.
Description
Microsoft Internet Explorer improperly handles navigations from plug-ins, such as ActiveX controls. This improper navigation handling could cause IE to display an incorrect URL in the Address bar. As a result, a web site operator could make it appear that the content from his or her web site actually originated from another site when, in fact, it did not. |
Impact
This vulnerability could be used to convince a user that the intruder's web site was actually a web site that the user trusts and might provide sensitive information to. |
Solution
Apply a patch Apply the patch referenced in MS04-038. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Thanks to Microsoft for reporting this vulnerability.
This document was written by Will Dormann, based on the information provided in the Microsoft Security Bulletin.
Other Information
| CVE IDs: | CVE-2004-0843 |
| Severity Metric: | 1.98 |
| Date Public: | 2004-10-12 |
| Date First Published: | 2004-10-13 |
| Date Last Updated: | 2004-10-15 20:37 UTC |
| Document Revision: | 6 |