ID CVE-2004-0843
Summary Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 12-10-2018 - 21:35)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
oval via4
  • accepted 2014-02-24T04:03:12.898-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name John Hoyland
      organization Centennial Software
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."
    family windows
    id oval:org.mitre.oval:def:2487
    status accepted
    submitted 2004-10-25T04:00:00.000-04:00
    title IE v6.0 Plug-in Navigation Address Bar Spoofing Vulnerability
    version 67
  • accepted 2014-02-24T04:03:13.018-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."
    family windows
    id oval:org.mitre.oval:def:2537
    status accepted
    submitted 2004-10-25T05:29:00.000-04:00
    title IE v5.01,SP4 Plug-in Navigation Address Bar Spoofing Vulnerability
    version 66
  • accepted 2014-02-24T04:03:17.653-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."
    family windows
    id oval:org.mitre.oval:def:3949
    status accepted
    submitted 2005-01-18T12:00:00.000-04:00
    title IE v5.01, SP3 Plug-in Navigation Address Bar Spoofing Vulnerability
    version 66
  • accepted 2014-02-24T04:03:24.919-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."
    family windows
    id oval:org.mitre.oval:def:6313
    status accepted
    submitted 2004-10-25T12:00:00.000-04:00
    title IE v6.0,SP1 for Server 2003 Plug-in Navigation Address Bar Spoofing Vulnerability
    version 67
  • accepted 2014-02-24T04:03:25.812-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."
    family windows
    id oval:org.mitre.oval:def:7095
    status accepted
    submitted 2004-10-25T05:31:00.000-04:00
    title IE v5.5,SP2 Plug-in Navigation Address Bar Spoofing Vulnerability
    version 66
  • accepted 2014-02-24T04:03:26.063-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."
    family windows
    id oval:org.mitre.oval:def:7194
    status accepted
    submitted 2004-10-25T07:44:00.000-04:00
    title IE v6.0,SP1 Plug-in Navigation Address Bar Spoofing Vulnerability
    version 67
refmap via4
cert TA04-293A
cert-vn VU#625616
ms MS04-038
xf
  • ie-ms04038-patch(17651)
  • ie-plugin-address-spoofing(17655)
Last major update 12-10-2018 - 21:35
Published 03-11-2004 - 05:00
Back to Top