Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2004-0844 | First vendor Publication | 2004-11-03 |
Vendor | Cve | Last vendor Modification | 2018-10-12 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the "Address Bar Spoofing on Double Byte Character Set Systems Vulnerability." |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0844 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:2448 | |||
Oval ID: | oval:org.mitre.oval:def:2448 | ||
Title: | Address Bar Spoofing on Double Byte Character Set Systems Vulnerability (Server 2003) | ||
Description: | Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the "Address Bar Spoofing on Double Byte Character Set Systems Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0844 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8127 | |||
Oval ID: | oval:org.mitre.oval:def:8127 | ||
Title: | Address Bar Spoofing on Double Byte Character Set Systems Vulnerability | ||
Description: | Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the "Address Bar Spoofing on Double Byte Character Set Systems Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0844 | Version: | 5 |
Platform(s): | Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
ExploitDB Exploits
id | Description |
---|---|
2004-10-20 | Microsoft Internet Explorer 5.x Valid File Drag and Drop Embedded Code Vulner... |
OpenVAS Exploits
Date | Description |
---|---|
2005-11-03 | Name : IE 5.01 5.5 6.0 Cumulative patch (890923) File : nvt/smb_nt_ms02-005.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
10706 | Microsoft IE Double Byte Character Set Address Bar Spoofing Internet Explorer flaw that may allow a malicious user to spoof an address in a user's address bar. The issue is triggered when Internet Explorer attempts to parse special characters in double byte character systems. It is possible that the flaw may allow the attacker to spoof a trusted web site resulting in a loss of integrity. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | MSN Heartbeat ActiveX clsid access RuleID : 4167 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Shell.Explorer ActiveX Object Access RuleID : 4166 - Revision : 10 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer mouse drag hijack RuleID : 21353 - Revision : 4 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer Install Engine ActiveX clsid unicode access RuleID : 17589 - Revision : 4 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer Install Engine ActiveX clsid access RuleID : 17588 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer Shell.Explorer 2 ActiveX clsid access RuleID : 15122 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | Shell.Explorer 2 ActiveX function call unicode access RuleID : 15113 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer Shell.Explorer 2 ActiveX function call access RuleID : 15112 - Revision : 12 - Type : BROWSER-PLUGINS |
2014-01-10 | Shell.Explorer 2 ActiveX clsid unicode access RuleID : 15111 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | MSN Heartbeat ActiveX clsid unicode access RuleID : 12956 - Revision : 7 - Type : WEB-ACTIVEX |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:02:24 |
|
2021-04-22 01:02:34 |
|
2020-05-23 00:15:53 |
|
2018-10-13 00:22:29 |
|
2017-10-11 09:23:23 |
|
2017-07-11 12:01:31 |
|
2016-10-18 12:01:23 |
|
2016-04-26 12:53:40 |
|
2013-05-11 11:43:11 |
|