Executive Summary

Informations
Name MS04-004 First vendor Publication N/A
Vendor Microsoft Last vendor Modification N/A
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cumulative Security Update for Internet Explorer (832894)

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-17 Accessing, Modifying or Executing Executable Files
CAPEC-30 Hijacking a Privileged Thread of Execution
CAPEC-35 Leverage Executable Code in Nonexecutable Files

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-264 Permissions, Privileges, and Access Controls
50 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:490
 
Oval ID: oval:org.mitre.oval:def:490
Title: IE v5.01,SP2 Improper URL Canonicalization Vulnerability
Description: Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2003-1025
 Version: 5
Platform(s): Microsoft Windows 2000
 Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:491
 
Oval ID: oval:org.mitre.oval:def:491
Title: IE v5.01,SP3 Improper URL Canonicalization Vulnerability
Description: Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2003-1025
 Version: 5
Platform(s): Microsoft Windows 2000
 Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:510
 
Oval ID: oval:org.mitre.oval:def:510
Title: IE v5.01,SP4 Improper URL Canonicalization Vulnerability
Description: Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2003-1025
 Version: 5
Platform(s): Microsoft Windows 2000
 Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:511
 
Oval ID: oval:org.mitre.oval:def:511
Title: IE v5.5,SP2 Improper URL Canonicalization Vulnerability
Description: Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2003-1025
 Version: 3
Platform(s): Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
 Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:512
 
Oval ID: oval:org.mitre.oval:def:512
Title: IE v6.0 Improper URL Canonicalization Vulnerability
Description: Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2003-1025
 Version: 4
Platform(s): Microsoft Windows XP
 Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:513
 
Oval ID: oval:org.mitre.oval:def:513
Title: IE v6.0,SP1 Improper URL Canonicalization Vulnerability
Description: Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2003-1025
 Version: 5
Platform(s): Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
 Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:526
 
Oval ID: oval:org.mitre.oval:def:526
Title: IE v6.0,SP1 (Server 2003) Improper URL Canonicalization Vulnerability
Description: Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2003-1025
 Version: 6
Platform(s): Microsoft Windows Server 2003
 Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:527
 
Oval ID: oval:org.mitre.oval:def:527
Title: IE v5.01,SP2 Function Pointer Drag and Drop Vulnerability
Description: Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2003-1027
 Version: 5
Platform(s): Microsoft Windows 2000
 Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:529
 
Oval ID: oval:org.mitre.oval:def:529
Title: IE v5.01,SP3 Function Pointer Drag and Drop Vulnerability
Description: Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2003-1027
 Version: 5
Platform(s): Microsoft Windows 2000
 Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:530
 
Oval ID: oval:org.mitre.oval:def:530
Title: IE v5.01,SP4 Function Pointer Drag and Drop Vulnerability
Description: Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2003-1027
 Version: 5
Platform(s): Microsoft Windows 2000
 Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:531
 
Oval ID: oval:org.mitre.oval:def:531
Title: IE v5.5,SP2 Function Pointer Drag and Drop Vulnerability
Description: Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2003-1027
 Version: 3
Platform(s): Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
 Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:532
 
Oval ID: oval:org.mitre.oval:def:532
Title: IE v6.0 Function Pointer Drag and Drop Vulnerability
Description: Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2003-1027
 Version: 4
Platform(s): Microsoft Windows XP
 Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:534
 
Oval ID: oval:org.mitre.oval:def:534
Title: IE v6.0,SP1 Function Pointer Drag and Drop Vulnerability
Description: Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2003-1027
 Version: 5
Platform(s): Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
 Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:629
 
Oval ID: oval:org.mitre.oval:def:629
Title: IE v6.0,SP1 (Server 2003) Function Pointer Drag and Drop Vulnerability
Description: Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2003-1027
 Version: 6
Platform(s): Microsoft Windows Server 2003
 Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:630
 
Oval ID: oval:org.mitre.oval:def:630
Title: IE v5.01,SP2 Travel Log Cross Domain Vulnerability
Description: Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2003-1026
 Version: 5
Platform(s): Microsoft Windows 2000
 Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:643
 
Oval ID: oval:org.mitre.oval:def:643
Title: IE v5.01,SP3 Travel Log Cross Domain Vulnerability
Description: Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2003-1026
 Version: 5
Platform(s): Microsoft Windows 2000
 Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:687
 
Oval ID: oval:org.mitre.oval:def:687
Title: IE v5.01,SP4 Travel Log Cross Domain Vulnerability
Description: Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2003-1026
 Version: 5
Platform(s): Microsoft Windows 2000
 Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:689
 
Oval ID: oval:org.mitre.oval:def:689
Title: IE v5.5,SP2 Travel Log Cross Domain Vulnerability
Description: Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2003-1026
 Version: 3
Platform(s): Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
 Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:745
 
Oval ID: oval:org.mitre.oval:def:745
Title: IE v6.0 (XP) Travel Log Cross Domain Vulnerability
Description: Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2003-1026
 Version: 4
Platform(s): Microsoft Windows XP
 Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:774
 
Oval ID: oval:org.mitre.oval:def:774
Title: IE v6.0,SP1 Travel Log Cross Domain Vulnerability
Description: Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2003-1026
 Version: 5
Platform(s): Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
 Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:805
 
Oval ID: oval:org.mitre.oval:def:805
Title: IE v6.0,SP1 (Server 2003) Travel Log Cross Domain Vulnerability
Description: Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2003-1026
 Version: 6
Platform(s): Microsoft Windows Server 2003
 Product(s): Microsoft Internet Explorer
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 9

ExploitDB Exploits

id Description
2004-02-03 Microsoft Internet Explorer 5 NavigateAndFind() Cross-Zone Policy Vulnerability
2004-02-04 MS Internet Explorer URL Injection in History List (MS04-004)

OpenVAS Exploits

Date Description
2005-11-03 Name : IE 5.01 5.5 6.0 Cumulative patch (890923)
File : nvt/smb_nt_ms02-005.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
7891 Microsoft Windows IE window.moveBy Function Pointer Hijack (HijackClickV2)

Windows contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the OS allowing mouse events to control certain window operations via method caching. This may allow an attacker to include a file from a remote host that could be executed via another vulnerability.
3791 Microsoft IE Travel Log Arbitrary Script Execution

Microsoft Internet Explorer contains a flaw that allows a remote cross zone scripting attack. This flaw exists because the application might execute code in the Local Machine zone if the page contains a subframe. This could allow a user to create a specially crafted URL that when viewed would execute arbitrary code in a user's browser within the security context of the currently logged on user, leading to a loss of confidentiality, integrity and availability.
3022 Mozilla Status Bar Manipulation Weakness

Mozilla contains a flaw that may lead to an unauthorized information disclosure. It is possible for a user to manipulate information displayed in the status bar, which could be used to trick users who trust the information displayed there, resulting in a loss of confidentiality.
2942 Multiple Browser Domain URL Spoofing

Internet Explorer, Opera, Mozilla and possibly other web browsers contains a flaw that may allow a malicious user to spoof a trusted site. The issue is triggered when a %01 character is placed in a URL. It is possible that the flaw may allow a malicious site to trick an unsuspecting user resulting in a loss of confidentiality and integrity.

Snort® IPS/IDS

Date Description
2014-11-16 Microsoft Internet Explorer URL domain spoof attempt
RuleID : 31888 - Revision : 2 - Type : BROWSER-IE
2014-11-16 Microsoft Internet Explorer URL domain spoof attempt
RuleID : 31887 - Revision : 2 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer URL canonicalization address bar spoofing attempt
RuleID : 15933 - Revision : 8 - Type : BROWSER-IE

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-11-16 21:25:19
  • Multiple Updates
2014-01-19 21:29:50
  • Multiple Updates