Executive Summary
Informations | |||
---|---|---|---|
Name | MS04-004 | First vendor Publication | N/A |
Vendor | Microsoft | Last vendor Modification | N/A |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Cumulative Security Update for Internet Explorer (832894) |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-17 | Accessing, Modifying or Executing Executable Files |
CAPEC-30 | Hijacking a Privileged Thread of Execution |
CAPEC-35 | Leverage Executable Code in Nonexecutable Files |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-264 | Permissions, Privileges, and Access Controls |
50 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:490 | |||
Oval ID: | oval:org.mitre.oval:def:490 | ||
Title: | IE v5.01,SP2 Improper URL Canonicalization Vulnerability | ||
Description: | Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-1025 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:491 | |||
Oval ID: | oval:org.mitre.oval:def:491 | ||
Title: | IE v5.01,SP3 Improper URL Canonicalization Vulnerability | ||
Description: | Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-1025 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:510 | |||
Oval ID: | oval:org.mitre.oval:def:510 | ||
Title: | IE v5.01,SP4 Improper URL Canonicalization Vulnerability | ||
Description: | Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-1025 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:511 | |||
Oval ID: | oval:org.mitre.oval:def:511 | ||
Title: | IE v5.5,SP2 Improper URL Canonicalization Vulnerability | ||
Description: | Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-1025 | Version: | 3 |
Platform(s): | Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:512 | |||
Oval ID: | oval:org.mitre.oval:def:512 | ||
Title: | IE v6.0 Improper URL Canonicalization Vulnerability | ||
Description: | Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-1025 | Version: | 4 |
Platform(s): | Microsoft Windows XP | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:513 | |||
Oval ID: | oval:org.mitre.oval:def:513 | ||
Title: | IE v6.0,SP1 Improper URL Canonicalization Vulnerability | ||
Description: | Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-1025 | Version: | 5 |
Platform(s): | Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:526 | |||
Oval ID: | oval:org.mitre.oval:def:526 | ||
Title: | IE v6.0,SP1 (Server 2003) Improper URL Canonicalization Vulnerability | ||
Description: | Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-1025 | Version: | 6 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:527 | |||
Oval ID: | oval:org.mitre.oval:def:527 | ||
Title: | IE v5.01,SP2 Function Pointer Drag and Drop Vulnerability | ||
Description: | Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-1027 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:529 | |||
Oval ID: | oval:org.mitre.oval:def:529 | ||
Title: | IE v5.01,SP3 Function Pointer Drag and Drop Vulnerability | ||
Description: | Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-1027 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:530 | |||
Oval ID: | oval:org.mitre.oval:def:530 | ||
Title: | IE v5.01,SP4 Function Pointer Drag and Drop Vulnerability | ||
Description: | Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-1027 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:531 | |||
Oval ID: | oval:org.mitre.oval:def:531 | ||
Title: | IE v5.5,SP2 Function Pointer Drag and Drop Vulnerability | ||
Description: | Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-1027 | Version: | 3 |
Platform(s): | Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:532 | |||
Oval ID: | oval:org.mitre.oval:def:532 | ||
Title: | IE v6.0 Function Pointer Drag and Drop Vulnerability | ||
Description: | Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-1027 | Version: | 4 |
Platform(s): | Microsoft Windows XP | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:534 | |||
Oval ID: | oval:org.mitre.oval:def:534 | ||
Title: | IE v6.0,SP1 Function Pointer Drag and Drop Vulnerability | ||
Description: | Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-1027 | Version: | 5 |
Platform(s): | Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:629 | |||
Oval ID: | oval:org.mitre.oval:def:629 | ||
Title: | IE v6.0,SP1 (Server 2003) Function Pointer Drag and Drop Vulnerability | ||
Description: | Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-1027 | Version: | 6 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:630 | |||
Oval ID: | oval:org.mitre.oval:def:630 | ||
Title: | IE v5.01,SP2 Travel Log Cross Domain Vulnerability | ||
Description: | Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-1026 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:643 | |||
Oval ID: | oval:org.mitre.oval:def:643 | ||
Title: | IE v5.01,SP3 Travel Log Cross Domain Vulnerability | ||
Description: | Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-1026 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:687 | |||
Oval ID: | oval:org.mitre.oval:def:687 | ||
Title: | IE v5.01,SP4 Travel Log Cross Domain Vulnerability | ||
Description: | Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-1026 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:689 | |||
Oval ID: | oval:org.mitre.oval:def:689 | ||
Title: | IE v5.5,SP2 Travel Log Cross Domain Vulnerability | ||
Description: | Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-1026 | Version: | 3 |
Platform(s): | Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:745 | |||
Oval ID: | oval:org.mitre.oval:def:745 | ||
Title: | IE v6.0 (XP) Travel Log Cross Domain Vulnerability | ||
Description: | Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-1026 | Version: | 4 |
Platform(s): | Microsoft Windows XP | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:774 | |||
Oval ID: | oval:org.mitre.oval:def:774 | ||
Title: | IE v6.0,SP1 Travel Log Cross Domain Vulnerability | ||
Description: | Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-1026 | Version: | 5 |
Platform(s): | Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:805 | |||
Oval ID: | oval:org.mitre.oval:def:805 | ||
Title: | IE v6.0,SP1 (Server 2003) Travel Log Cross Domain Vulnerability | ||
Description: | Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-1026 | Version: | 6 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2004-02-03 | Microsoft Internet Explorer 5 NavigateAndFind() Cross-Zone Policy Vulnerability |
2004-02-04 | MS Internet Explorer URL Injection in History List (MS04-004) |
OpenVAS Exploits
Date | Description |
---|---|
2005-11-03 | Name : IE 5.01 5.5 6.0 Cumulative patch (890923) File : nvt/smb_nt_ms02-005.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
7891 | Microsoft Windows IE window.moveBy Function Pointer Hijack (HijackClickV2) Windows contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the OS allowing mouse events to control certain window operations via method caching. This may allow an attacker to include a file from a remote host that could be executed via another vulnerability. |
3791 | Microsoft IE Travel Log Arbitrary Script Execution Microsoft Internet Explorer contains a flaw that allows a remote cross zone scripting attack. This flaw exists because the application might execute code in the Local Machine zone if the page contains a subframe. This could allow a user to create a specially crafted URL that when viewed would execute arbitrary code in a user's browser within the security context of the currently logged on user, leading to a loss of confidentiality, integrity and availability. |
3022 | Mozilla Status Bar Manipulation Weakness Mozilla contains a flaw that may lead to an unauthorized information disclosure. It is possible for a user to manipulate information displayed in the status bar, which could be used to trick users who trust the information displayed there, resulting in a loss of confidentiality. |
2942 | Multiple Browser Domain URL Spoofing Internet Explorer, Opera, Mozilla and possibly other web browsers contains a flaw that may allow a malicious user to spoof a trusted site. The issue is triggered when a %01 character is placed in a URL. It is possible that the flaw may allow a malicious site to trick an unsuspecting user resulting in a loss of confidentiality and integrity. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-11-16 | Microsoft Internet Explorer URL domain spoof attempt RuleID : 31888 - Revision : 2 - Type : BROWSER-IE |
2014-11-16 | Microsoft Internet Explorer URL domain spoof attempt RuleID : 31887 - Revision : 2 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer URL canonicalization address bar spoofing attempt RuleID : 15933 - Revision : 8 - Type : BROWSER-IE |
Alert History
Date | Informations |
---|---|
2014-11-16 21:25:19 |
|
2014-01-19 21:29:50 |
|