{"vuid":"VU#431576","idnumber":"431576","name":"Microsoft Internet Explorer vulnerable to address bar spoofing on double byte character set systems","keywords":["Microsoft","Internet Explorer","address bar spoofing","double byte character set systems","MS04-038","canonicalization"],"overview":"Microsoft Internet Explorer contains a vulnerability in how it processes URLs on Double Byte Character Set (DBCS) systems. This could allow an attacker to spoof the address of a web site.","clean_desc":"Microsoft Internet Explorer contains a canonicalization error when it parses special characters in a URL on a DBCS system. A DBCS system represents characters with either a single byte or a double byte code. DBCS is used with some Asian versions of Microsoft Windows. Because of the error in how IE parses URLs on DBCS systems, a web site operator could make it appear that the content from his or her web site actually originated from another site.","impact":"By making a malicious web site appear to be a site that the user trusts, an attacker could convince the user to provide sensitive information.","resolution":"Apply a patch\nApply the patch referenced in MS04-038.","workarounds":"","sysaffected":"","thanks":"Thanks to Microsoft for reporting this vulnerability.","author":"This document was written by Will Dormann, based on the information provided in the Microsoft Security Bulletin.","public":["http://www.microsoft.com/technet/security/bulletin/MS04-038.mspx","http://securitytracker.com/alerts/2004/Oct/1011643.html"],"cveids":["CVE-2004-0844"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-10-12T20:30:49Z","publicdate":"2004-10-12T00:00:00Z","datefirstpublished":"2004-10-13T21:42:01Z","dateupdated":"2004-10-18T16:39:34Z","revision":8,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"7","cam_population":"20","cam_impact":"1","cam_easeofexploitation":"12","cam_attackeraccessrequired":"20","cam_scorecurrent":"1.98","cam_scorecurrentwidelyknown":"2.43","cam_scorecurrentwidelyknownexploited":"4.23","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":1.98,"vulnote":null}