Vulnerability Details : CVE-2003-1025
Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."
Vulnerability category: Input validation
Exploit prediction scoring system (EPSS) score for CVE-2003-1025
Probability of exploitation activity in the next 30 days: 97.39%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2003-1025
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2003-1025
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2003-1025
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004
-
http://www.kb.cert.org/vuls/id/652278
Third Party Advisory;US Government Resource
-
http://www.zapthedingbat.com/security/ex01/vun1.htm
Exploit;Vendor Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A511
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A526
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/13935
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A491
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A490
-
http://www.securityfocus.com/archive/1/346948
Vendor Advisory
-
http://www.us-cert.gov/cas/techalerts/TA04-033A.html
US Government Resource
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A512
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A510
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A513
Products affected by CVE-2003-1025
- cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*