Oval Definition:oval:org.mitre.oval:def:2448
Revision Date:2014-02-24Version:45
Title:Address Bar Spoofing on Double Byte Character Set Systems Vulnerability (Server 2003)
Description:Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the "Address Bar Spoofing on Double Byte Character Set Systems Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2004-0844
Platform(s):Microsoft Windows Server 2003
Product(s):Microsoft Internet Explorer
Definition Synopsis
  • Software section
  • Internet Explorer 6 for Windows Server 2003 is installed
  • AND the version of mshtml.dll is less than 6.0.3790.219
  • AND NOT the patch kb834707 is installed (Hotfix key)
  • AND Configuration section
  • ActiveX controls and active scripting are enabled
  • current user settings are being used and ActiveX controls and active scripting are enabled
  • NOT use machine settings rather than individual user settings
  • AND ActiveX controls are enabled for the current user
  • AND active scripting is enabled for the current user
  • OR local machine settings are being used and ActiveX controls and active scripting are enabled
  • use machine settings rather than individual user settings
  • AND ActiveX controls are enabled for the local machine
  • AND active scripting is enabled for the local machine
    • BACK