CVE-2003-1025

Published: Jan 20, 2004Modified: Apr 16, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."

Affected (1)

Products: Microsoft: Internet Explorer

1 product

Internet Explorer

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 6.0

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (26)

http://www.kb.cert.org/vuls/id/652278

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

http://www.securityfocus.com/archive/1/346948

Source: cve@mitre.org

Vendor Advisory

http://www.us-cert.gov/cas/techalerts/TA04-033A.html

Source: cve@mitre.org

US Government Resource

http://www.zapthedingbat.com/security/ex01/vun1.htm

Source: cve@mitre.org

ExploitVendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/13935

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A490

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A491

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A510

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A511

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A512

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A513

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A526

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/652278

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

http://www.securityfocus.com/archive/1/346948

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.us-cert.gov/cas/techalerts/TA04-033A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.zapthedingbat.com/security/ex01/vun1.htm

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/13935

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A490

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A491

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A510

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A511

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A512

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A513

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A526

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.