CVE-2004-0844
Vulnerability from cvelistv5
Published
2004-10-16 04:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the "Address Bar Spoofing on Double Byte Character Set Systems Vulnerability."
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:31:47.484Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ie-dbcs-obtain-information(17652)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17652" }, { "name": "oval:org.mitre.oval:def:2448", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2448" }, { "name": "oval:org.mitre.oval:def:8127", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8127" }, { "name": "MS04-038", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "name": "TA04-293A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "name": "ie-ms04038-patch(17651)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651" }, { "name": "20041128 Address Bar Spoofing on Double Byte Character Set Locale Vulnerability (CAN-2004-0844) Patched in MS04-038", "tags": [ "mailing-list", "x_refsource_NTBUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=ntbugtraq\u0026m=110174346717733\u0026w=2" }, { "name": "20041128 Address Bar Spoofing on Double Byte Character Set Locale Vulnerability (CAN-2004-0844) Patched in MS04-038", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=110178042025729\u0026w=2" }, { "name": "VU#431576", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/431576" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-10-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the \"Address Bar Spoofing on Double Byte Character Set Systems Vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ie-dbcs-obtain-information(17652)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17652" }, { "name": "oval:org.mitre.oval:def:2448", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2448" }, { "name": "oval:org.mitre.oval:def:8127", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8127" }, { "name": "MS04-038", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "name": "TA04-293A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "name": "ie-ms04038-patch(17651)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651" }, { "name": "20041128 Address Bar Spoofing on Double Byte Character Set Locale Vulnerability (CAN-2004-0844) Patched in MS04-038", "tags": [ "mailing-list", "x_refsource_NTBUGTRAQ" ], "url": "http://marc.info/?l=ntbugtraq\u0026m=110174346717733\u0026w=2" }, { "name": "20041128 Address Bar Spoofing on Double Byte Character Set Locale Vulnerability (CAN-2004-0844) Patched in MS04-038", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=110178042025729\u0026w=2" }, { "name": "VU#431576", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/431576" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0844", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the \"Address Bar Spoofing on Double Byte Character Set Systems Vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ie-dbcs-obtain-information(17652)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17652" }, { "name": "oval:org.mitre.oval:def:2448", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2448" }, { "name": "oval:org.mitre.oval:def:8127", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8127" }, { "name": "MS04-038", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "name": "TA04-293A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "name": "ie-ms04038-patch(17651)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651" }, { "name": "20041128 Address Bar Spoofing on Double Byte Character Set Locale Vulnerability (CAN-2004-0844) Patched in MS04-038", "refsource": "NTBUGTRAQ", "url": "http://marc.info/?l=ntbugtraq\u0026m=110174346717733\u0026w=2" }, { "name": "20041128 Address Bar Spoofing on Double Byte Character Set Locale Vulnerability (CAN-2004-0844) Patched in MS04-038", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=110178042025729\u0026w=2" }, { "name": "VU#431576", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/431576" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0844", "datePublished": "2004-10-16T04:00:00", "dateReserved": "2004-09-08T00:00:00", "dateUpdated": "2024-08-08T00:31:47.484Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2004-0844\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2004-11-03T05:00:00.000\",\"lastModified\":\"2024-11-20T23:49:33.143\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the \\\"Address Bar Spoofing on Double Byte Character Set Systems Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Internet Explorer 6 en sistemas de Juego de Caract\u00e9res de Byte Doble (BDCS) permite a atacantes remotos alterar la barra de direcciones mostrada y suplantar p\u00e1ginas web mediante una URL conteniendo caracteres especiales, lo que facilita ataques de phising, tambi\u00e9n llamada \\\"Vulnerabilidad de suplantaci\u00f3n de barra de direcciones en sistemas con juegos de caract\u00e9res de doble byte\\\"\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B80088A3-2AA4-44A2-98DF-359E15F8E18B\"}]}]}],\"references\":[{\"url\":\"http://marc.info/?l=bugtraq\u0026m=110178042025729\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=ntbugtraq\u0026m=110174346717733\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/431576\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA04-293A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/17651\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/17652\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2448\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8127\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=110178042025729\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=ntbugtraq\u0026m=110174346717733\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/431576\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA04-293A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/17651\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/17652\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2448\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8127\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.