CVE-2008-4788 — Microsoft Internet Explorer vulnerability

2 documents2 sources

Severity

5.0MEDIUMNVD

EPSS

16.5%

top 5.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Explorer

Timeline

PublishedOct 29

Latest updateMay 14

Description

Microsoft Internet Explorer 6 omits high-bit URL-encoded characters when displaying the address bar, which allows remote attackers to spoof the address bar via a URL with a domain name that differs from an important domain name only in these characters, as demonstrated by using exam%A9ple.com to spoof example.com, aka MSRC ticket MSRC7900.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/internet_explorer6

🔴Vulnerability Details

GHSA

GHSA-j9qq-p6mw-h9pq: Microsoft Internet Explorer 6 omits high-bit URL-encoded characters when displaying the address bar, which allows remote attackers to spoof the addres↗2022-05-14

▶