ID CVE-2001-0339
Summary Internet Explorer 5.5 and earlier allows remote attackers to display a URL in the address bar that is different than the URL that is actually being displayed, which could be used in web site spoofing attacks, aka the "Web page spoofing vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:ie:-:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:-:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:3.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:3.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:3.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:3.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:3.2:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.0.1:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.0.1:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.0.1:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.0.1:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.01:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.01:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.01:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.01:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.40.308:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.40.308:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.40.520:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.40.520:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.70.1155:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.70.1155:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.70.1158:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.70.1158:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.70.1215:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.70.1215:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.70.1300:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.70.1300:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.71.544:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.71.544:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.71.1008.3:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.71.1008.3:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.71.1712.6:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.71.1712.6:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.72.2106.8:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.72.2106.8:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.72.3110.8:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.72.3110.8:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.72.3612.1713:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.72.3612.1713:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.0.1:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.0.1:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.0.1:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.0.1:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.0.1:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.0.1:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.0.1:sp4:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.0.1:sp4:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.0518.10:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.0518.10:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.0910.1309:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.0910.1309:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.2014.0216:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.2014.0216:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.2314.1003:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.2314.1003:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.2516.1900:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.2516.1900:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.2614.3500:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.2614.3500:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.2919.800:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.2919.800:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.2919.3800:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.2919.3800:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.2919.6307:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.2919.6307:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.2920.0000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.2920.0000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.3103.1000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.3103.1000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.3105.0106:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.3105.0106:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.3314.2101:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.3314.2101:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.3315.1000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.3315.1000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.3502.1000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.3502.1000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.3700.1000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.3700.1000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.01:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.01:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.01:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.01:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.01:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.01:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.01:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.01:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.01:sp4:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.01:sp4:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:preview:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.5:preview:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 12-10-2018 - 21:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
accepted 2014-02-24T04:00:07.894-05:00
class vulnerability
contributors
  • name Tiffany Bergeron
    organization The MITRE Corporation
  • name Maria Mikhno
    organization ALTX-SOFT
description Internet Explorer 5.5 and earlier allows remote attackers to display a URL in the address bar that is different than the URL that is actually being displayed, which could be used in web site spoofing attacks, aka the "Web page spoofing vulnerability."
family windows
id oval:org.mitre.oval:def:1096
status accepted
submitted 2004-04-29T12:00:00.000-04:00
title IE Web Page Spoofing Vulnerability
version 66
refmap via4
bid 2737
ciac L-087
osvdb 5694
xf ie-html-url-spoofing(6556)
Last major update 12-10-2018 - 21:30
Published 27-06-2001 - 04:00
Last modified 12-10-2018 - 21:30
Back to Top