CVE-2003-1025

Internet Explorer 5.01-6 SP1 - URL Spoofing via %01 Character in User@Domain Portion

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2003-1025. PoCs published by nesumin, Zap The Dingbat, Guy Crumpley.

AI-analyzed exploit summary The exploit describes a URI obfuscation vulnerability in Opera browser due to UTF-8 encoding interpretation of NULL characters. Attackers can craft malicious URIs to mimic trusted sites, potentially tricking users into visiting malicious locations.

Description

Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."

Exploits (3)

exploitdb WRITEUP VERIFIED
by nesumin · textremotewindows
https://www.exploit-db.com/exploits/23465

The exploit describes a URI obfuscation vulnerability in Opera browser due to UTF-8 encoding interpretation of NULL characters. Attackers can craft malicious URIs to mimic trusted sites, potentially tricking users into visiting malicious locations.

Classification
Writeup 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Opera browser (versions affected in 2003)
No auth needed
Prerequisites: User interaction required to follow a malicious link
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Zap The Dingbat · textremotewindows
https://www.exploit-db.com/exploits/23423

The exploit describes a URI obfuscation vulnerability in multiple browsers where a hexadecimal '1' value before the '@' symbol can mislead users into believing they are on a trusted site. This is a phishing/social engineering technique rather than a direct code execution exploit.

Classification
Writeup 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Multiple browsers (unspecified versions)
No auth needed
Prerequisites: User interaction (clicking a malicious link)
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Guy Crumpley · textremotewindows
https://www.exploit-db.com/exploits/23422

This VBScript generates an HTML page exploiting a URI obfuscation vulnerability in older versions of Internet Explorer. It creates a deceptive hyperlink that displays a trusted domain but redirects to a malicious one using a hexadecimal obfuscation technique.

Classification
Working Poc 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: Internet Explorer 5.01, 5.5, and 6.0
No auth needed
Prerequisites: User interaction to click the malicious link · Victim using a vulnerable version of Internet Explorer
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (13)

Core 13
Core References
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/652278
Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/346948
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/13935
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA04-033A.html
Exploit, Vendor Advisory x_refsource_misc
http://www.zapthedingbat.com/security/ex01/vun1.htm
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A510
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A526
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A513
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A491
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A512
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A490
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A511

Scores

EPSS 0.2691
EPSS Percentile 97.8%

Details

CWE
CWE-20
Status published
Products (1)
microsoft/internet_explorer 6.0
Published Jan 20, 2004
Tracked Since Feb 18, 2026