Back to search
CVE-2008-4788
Published: Oct 29, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
Microsoft Internet Explorer 6 omits high-bit URL-encoded characters when displaying the address bar, which allows remote attackers to spoof the address bar via a URL with a domain name that differs from an important domain name only in these characters, as demonstrated by using exam%A9ple.com to spoof example.com, aka MSRC ticket MSRC7900.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20081027 Writeup by Amit Klein (Trusteer): Address Bar Spoofing for IE6
mailing-list
x_refsource_BUGTRAQ
20081027 Re: Writeup by Amit Klein (Trusteer): Address Bar Spoofing for IE6
mailing-list
x_refsource_BUGTRAQ
ie-highbit-addressbar-spoofing(46235)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now