CVE-2004-0526
CVSS5.0
发布时间 :2004-08-06 00:00:00
修订时间 :2016-10-17 22:45:57
NMCOES    

[原文]Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.


[CNNVD]Microsoft Internet Explorer嵌入图象URI欺骗漏洞(CNNVD-200408-064)

        
        Microsoft Internet Explorer是一款流行的WEB浏览器。
        Microsoft Internet Explorer在处理部分URI连接时存在问题,远程攻击者可以利用这个漏洞隐藏URI连接中的真实内容,诱骗用户访问恶意站点。
        图象包含在正确格式的HREF标记中时,可隐藏URI连接中的真实内容,这个漏洞可诱骗用户访问一个非法连接而不被怀疑。
        攻击者可以通过提供恶意图象使的显示的URI连接指向合法信任的站点,如果没有任何怀疑的用户把鼠标移到相关的链接,可能导致他们认为链接的是信任正确的站点而被欺骗。
        

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:microsoft:outlook_express:4.72.2106
cpe:/a:microsoft:outlook_express:4.72.3612
cpe:/a:microsoft:outlook:2000Microsoft Outlook 2000
cpe:/a:microsoft:outlook:2000:sp3Microsoft Outlook 2000 sp3
cpe:/a:microsoft:outlook_express:5.5Microsoft outlook_express 5.5
cpe:/a:microsoft:ie:5.0.1:sp2Microsoft Internet Explorer 5.0.1 SP2
cpe:/a:microsoft:outlook:2000:sp2Microsoft Outlook 2000 sp2
cpe:/a:microsoft:ie:5.0.1:sp1Microsoft Internet Explorer 5.0.1 SP1
cpe:/a:microsoft:outlook_express:6.0Microsoft outlook_express 6.0
cpe:/a:microsoft:outlook_express:5.0.1Microsoft outlook_express 5.0.1
cpe:/a:microsoft:outlook_express:4.0Microsoft outlook_express 4.0
cpe:/a:microsoft:outlook_express:4.01:sp2Microsoft outlook_express 4.01 sp2
cpe:/a:microsoft:outlook:2000:sr1Microsoft Outlook 2000 sr1
cpe:/a:microsoft:outlook_express:5.0Microsoft outlook_express 5.0
cpe:/a:microsoft:outlook:97Microsoft Outlook 97
cpe:/a:microsoft:outlook:98Microsoft Outlook 98
cpe:/a:microsoft:outlook:2002Microsoft Outlook 2002
cpe:/a:microsoft:outlook:2003Microsoft Outlook 2003
cpe:/a:microsoft:outlook_express:4.72.3120.0Microsoft outlook_express 4.72.3120
cpe:/a:microsoft:outlook:2002:sp3Microsoft Outlook 2002 Service Pack 3
cpe:/a:microsoft:outlook:2002:sp2Microsoft Outlook 2002 sp2
cpe:/a:microsoft:outlook:2002:sp1Microsoft Outlook 2002 sp1
cpe:/a:microsoft:ie:6.0Microsoft Internet Explorer 6.0
cpe:/a:microsoft:ie:5.5Microsoft ie 5.5
cpe:/a:microsoft:ie:5.0Microsoft Internet Explorer 5.0
cpe:/a:microsoft:ie:5.0.1:sp4Microsoft Internet Explorer 5.0.1 Service Pack 4
cpe:/a:microsoft:ie:5.0.1:sp3Microsoft Internet Explorer 5.0.1 SP3
cpe:/a:microsoft:ie:6.0:sp1
cpe:/a:microsoft:ie:5.5:sp2Microsoft Internet Explorer 5.5 SP2
cpe:/a:microsoft:ie:5.0.1Microsoft Internet Explorer 5.0.1
cpe:/a:microsoft:ie:5.5:sp1Microsoft Internet Explorer 5.5 SP1
cpe:/a:microsoft:outlook_express:4.27.3110

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0526
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0526
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200408-064
(官方数据源) CNNVD

- 其它链接及资源

http://archives.neohapsis.com/archives/bugtraq/2004-05/0161.html
(UNKNOWN)  BUGTRAQ  20040517 Microsoft Internet Explorer ImageMap URL Spoof Vulnerability
http://marc.info/?l=bugtraq&m=108422905510713&w=2
(UNKNOWN)  BUGTRAQ  20040510 DEEP SEA PHISHING: Internet Explorer / Outlook Express
http://www.kurczaba.com/securityadvisories/0405132poc.htm
(UNKNOWN)  MISC  http://www.kurczaba.com/securityadvisories/0405132poc.htm
http://www.securityfocus.com/bid/10308
(VENDOR_ADVISORY)  BID  10308
http://xforce.iss.net/xforce/xfdb/16102
(VENDOR_ADVISORY)  XF  ie-ahref-url-spoofing(16102)

- 漏洞信息

Microsoft Internet Explorer嵌入图象URI欺骗漏洞
中危 设计错误
2004-08-06 00:00:00 2005-10-20 00:00:00
远程  
        
        Microsoft Internet Explorer是一款流行的WEB浏览器。
        Microsoft Internet Explorer在处理部分URI连接时存在问题,远程攻击者可以利用这个漏洞隐藏URI连接中的真实内容,诱骗用户访问恶意站点。
        图象包含在正确格式的HREF标记中时,可隐藏URI连接中的真实内容,这个漏洞可诱骗用户访问一个非法连接而不被怀疑。
        攻击者可以通过提供恶意图象使的显示的URI连接指向合法信任的站点,如果没有任何怀疑的用户把鼠标移到相关的链接,可能导致他们认为链接的是信任正确的站点而被欺骗。
        

- 公告与补丁

        厂商补丁:
        Microsoft
        ---------
        目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
        
        http://www.microsoft.com/windows/ie/default.asp

- 漏洞信息 (24102)

Microsoft Internet Explorer 4/5/6 Embedded Image URI Obfuscation Weakness (EDBID:24102)
windows remote
2004-05-10 Verified
0 http-equiv
N/A [点击下载]
source: http://www.securityfocus.com/bid/10308/info

It has been reported that Microsoft Internet Explorer is prone to a URI obfuscation weakness that may hide the true contents of a URI link. The issue occurs when an image is contained within a properly formatted HREF tag.

This weakness could be employed to trick a user into following a malicious link.

An attacker could exploit this issue by supplying a malicious image that appears to be a URI link pointing to a page designed to mimic that of a trusted site. If an unsuspecting victim were to mouseover the link in an attempt to verify the authenticity of where it references, they may be deceived into believing that the link references the actual trusted site.

<A HREF=http://www.example.com alt="http://www.example.com">
<IMG SRC="malware.gif" USEMAP="#malware" border=0
alt="http://www.example.com"></A>
<map NAME="malware" alt="http://www.example.com">
<area SHAPE=RECT COORDS="224,21" HREF="http://www.malware.com"
alt="http://www.example.com">
</MAP>		

- 漏洞信息

6007
Microsoft IE/Outlook IMG/HREF Tag Code Execution
Remote / Network Access Other
Loss of Integrity
Exploit Public

- 漏洞描述

Microsoft IE and Outlook contain a flaw that may allow a malicious attacker to send users a link that loads arbitrary html code which is not displayed and is stored locally. The issue is triggered when an IMG tag is enclosed in the A HREF tag, as the reference content is stored locally in the user's cache. It is possible that the flaw may allow an attacker to trick users into executing stored content locally by sending a URL whose A HREF tag points them to the locally cached content.

- 时间线

2004-05-10 Unknow
Unknow Unknow

- 解决方案

Upgrade to version Outlook 2003 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

Microsoft Internet Explorer Embedded Image URI Obfuscation Weakness
Design Error 10308
Yes No
2004-05-10 12:00:00 2013-04-19 02:40:00
Discovery of these issues is credited to "http-equiv@excite.com" <1@malware.com>.

- 受影响的程序版本

Microsoft Outlook Express 5.0.1
Microsoft Outlook Express 4.72.3612
Microsoft Outlook Express 4.72.3120
Microsoft Outlook Express 4.72.2106
Microsoft Outlook Express 4.27.3110
Microsoft Outlook Express 4.0.1 SP2
Microsoft Outlook Express 6.0
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+ Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+ Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Itanium SP2
+ Microsoft Windows Server 2003 Itanium SP2
+ Microsoft Windows Server 2003 Itanium SP1
+ Microsoft Windows Server 2003 Itanium SP1
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Standard x64 Edition
+ Microsoft Windows Server 2003 Standard x64 Edition
+ Microsoft Windows Server 2003 Web Edition
+ Microsoft Windows Server 2003 Web Edition
+ Microsoft Windows Server 2003 Web Edition
+ Microsoft Windows Server 2003 x64 SP2
+ Microsoft Windows Server 2003 x64 SP2
+ Microsoft Windows XP 64-bit Edition
+ Microsoft Windows XP 64-bit Edition
+ Microsoft Windows XP Home
+ Microsoft Windows XP Home
+ Microsoft Windows XP Home
+ Microsoft Windows XP Media Center Edition SP2
+ Microsoft Windows XP Media Center Edition SP2
+ Microsoft Windows XP Media Center Edition
+ Microsoft Windows XP Media Center Edition
+ Microsoft Windows XP Media Center Edition
+ Microsoft Windows XP Professional
+ Microsoft Windows XP Professional
+ Microsoft Windows XP Professional
+ Microsoft Windows XP Professional x64 Edition SP2
+ Microsoft Windows XP Professional x64 Edition SP2
+ Microsoft Windows XP Tablet PC Edition SP2
+ Microsoft Windows XP Tablet PC Edition SP2
+ Microsoft Windows XP Tablet PC Edition
+ Microsoft Windows XP Tablet PC Edition
Microsoft Outlook Express 5.5
+ Microsoft Internet Explorer 5.0.1 for Windows NT 4.0
+ Microsoft Internet Explorer 5.0.1 for Windows NT 4.0
+ Microsoft Internet Explorer 5.0.1 for Windows 98
+ Microsoft Internet Explorer 5.0.1 for Windows 98
+ Microsoft Internet Explorer 5.0.1 for Windows 95
+ Microsoft Internet Explorer 5.0.1 for Windows 95
+ Microsoft Internet Explorer 5.0.1 for Windows 2000
+ Microsoft Internet Explorer 5.0.1 for Windows 2000
+ Microsoft Internet Explorer 5.0.1
+ Microsoft Internet Explorer 5.0.1
+ Microsoft Internet Explorer 5.5
+ Microsoft Internet Explorer 5.5
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows 98SE
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
Microsoft Outlook Express 5.0
Microsoft Outlook Express 4.0
Microsoft Outlook 98 0
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
Microsoft Outlook 97 8.2.4212
Microsoft Outlook 97 0
Microsoft Outlook 2003 0
+ Microsoft Office 2003 SP3
+ Microsoft Office 2003 SP3
+ Microsoft Office 2003 SP2
+ Microsoft Office 2003 SP2
+ Microsoft Office 2003 SP1
+ Microsoft Office 2003 SP1
+ Microsoft Office 2003 0
+ Microsoft Office 2003 0
Microsoft Outlook 2002 SP3
+ Microsoft Office XP SP3
+ Microsoft Office XP SP3
Microsoft Outlook 2002 SP2
+ Microsoft Office XP SP2
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Terminal Services SP3
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
- Microsoft Windows XP Professional SP1
- Microsoft Windows XP Professional
Microsoft Outlook 2002 SP1
+ Microsoft Office XP SP1
+ Microsoft Office XP SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows 98SE
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
- Microsoft Windows XP Home
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
- Microsoft Windows XP Professional
- Microsoft Windows XP Professional
Microsoft Outlook 2002 0
+ Microsoft Office XP
+ Microsoft Office XP
+ Microsoft Office XP
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows 98SE
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
- Microsoft Windows XP Home
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
- Microsoft Windows XP Professional
- Microsoft Windows XP Professional
Microsoft Outlook 2000 SP3
+ Microsoft Office 2000 SP3
+ Microsoft Office 2000 SP3
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows 98SE
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
- Microsoft Windows XP Home
- Microsoft Windows XP Home
- Microsoft Windows XP Professional SP1
- Microsoft Windows XP Professional SP1
- Microsoft Windows XP Professional SP1
- Microsoft Windows XP Professional
- Microsoft Windows XP Professional
- Microsoft Windows XP Professional
Microsoft Outlook 2000 0
+ Microsoft Office 2000
+ Microsoft Office 2000
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows 98SE
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6a
- Microsoft Windows NT Terminal Server 4.0 SP6a
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Workstation 4.0
Microsoft Outlook 2000 SR1
+ Microsoft Office 2000 SP1
+ Microsoft Office 2000 SP1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows 98SE
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP5

- 漏洞讨论

It has been reported that Microsoft Internet Explorer is prone to a URI obfuscation weakness that may hide the true contents of a URI link. The issue occurs when an image is contained within a properly formatted HREF tag.

This weakness could be employed to trick a user into following a malicious link.

An attacker could exploit this issue by supplying a malicious image that appears to be a URI link pointing to a page designed to mimic that of a trusted site. If an unsuspecting victim were to mouseover the link in an attempt to verify the authenticity of where it references, they may be deceived into believing that the link references the actual trusted site.

- 漏洞利用

The following example has been supplied:

&lt;A HREF=http://www.example.com alt="http://www.example.com"&gt;
&lt;IMG SRC="malware.gif" USEMAP="#malware" border=0
alt="http://www.example.com"&gt;&lt;/A&gt;
&lt;map NAME="malware" alt="http://www.example.com"&gt;
&lt;area SHAPE=RECT COORDS="224,21" HREF="http://www.malware.com"
alt="http://www.example.com"&gt;
&lt;/MAP&gt;

- 解决方案

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站