CVE-2003-1025

Microsoft Internet Explorer - Improper Input Validation

Title source: rule
STIX 2.1

Description

Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."

Exploits (3)

exploitdb WRITEUP VERIFIED
by nesumin · textremotewindows
https://www.exploit-db.com/exploits/23465
exploitdb WRITEUP VERIFIED
by Zap The Dingbat · textremotewindows
https://www.exploit-db.com/exploits/23423
exploitdb WORKING POC VERIFIED
by Guy Crumpley · textremotewindows
https://www.exploit-db.com/exploits/23422

References (13)

Core 13
Core References
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/652278
Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/346948
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/13935
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA04-033A.html
Exploit, Vendor Advisory x_refsource_misc
http://www.zapthedingbat.com/security/ex01/vun1.htm
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A510
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A526
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A513
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A491
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A512
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A490
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A511

Scores

EPSS 0.6417
EPSS Percentile 98.5%

Details

CWE
CWE-20
Status published
Products (1)
microsoft/internet_explorer 6.0
Published Jan 20, 2004
Tracked Since Feb 18, 2026