CVE-2008-4787

Microsoft Internet Explorer 6 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4787. PoCs published by Amit Klein.

AI-analyzed exploit summary This exploit leverages a URI-spoofing vulnerability in Internet Explorer 6 by using multiple non-breaking space characters ( ) to obscure the true destination URL in the address bar, tricking users into trusting a malicious link.

Description

Visual truncation vulnerability in Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar via a URL with a hostname containing many   (Non-Blocking Space character) sequences, which are rendered as whitespace, aka MSRC ticket MSRC7899, a related issue to CVE-2003-1025.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Amit Klein · htmlwebappsphp
https://www.exploit-db.com/exploits/32539

This exploit leverages a URI-spoofing vulnerability in Internet Explorer 6 by using multiple non-breaking space characters ( ) to obscure the true destination URL in the address bar, tricking users into trusting a malicious link.

Classification
Working Poc 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: Internet Explorer 6
No auth needed
Prerequisites: User interaction required to click the spoofed link
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31960
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/497825/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/497827/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46234

Scores

EPSS 0.1362
EPSS Percentile 96.0%

Details

Status published
Products (1)
microsoft/internet_explorer 6
Published Oct 29, 2008
Tracked Since Feb 18, 2026