Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Internet Explorer URL Spoofing Vulnerability

Dec 9, 2003 7:37AM PST

Secunia Advisory: SA10395
Release Date: 2003-12-09


Critical: Moderately critical
Impact: ID Spoofing

Where: From remote



Software: Microsoft Internet Explorer 6




Description:
A vulnerability has been identified in Internet Explorer, which can be exploited by malicious people to display a fake URL in the address bar.

The vulnerability is caused due to an input validation error, which can be exploited by including the "%01" URL encoded representation after the username and right before the "@" character in an URL.

More: http://www.secunia.com/advisories/10395/

Discussion is locked