Vulnerability Name:

CVE-2005-4679 (CCN-17909)

Assigned: 2004-10-29
Published: 2004-10-29
Updated: 2008-09-05
Summary: Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-Other
Vulnerability Consequences: Other
References:
Source: CCN
Type: BugTraq Mailing List, Thu Oct 28 2004 - 16:38:16 CDT
New URL spoofing bug in Microsoft Internet Explorer

Source: CCN
Type: BugTraq Mailing List, Fri Oct 29 2004 - 18:08:52 CDT
RE: New URL spoofing bug in Microsoft Internet Explorer

Source: CCN
Type: BugTraq Mailing List, Sun Oct 31 2004 - 08:21:35 CST
Safari vulnerable to URL spoofing

Source: CCN
Type: NTBugTraq Mailing List, Fri Oct 29 2004 - 15:19:03 CDT
Re: New URL spoofing bug in Microsoft Internet Explorer

Source: MITRE
Type: CNA
CVE-2004-1121

Source: MITRE
Type: CNA
CVE-2005-4679

Source: CCN
Type: AppleCare Knowledge Base Document 61798
Security Update 2004-12-02

Source: CCN
Type: SA13047
Safari "Javascript Disabled" Status Bar Spoofing

Source: CCN
Type: SA17565
Internet Explorer Image Control Status Bar Spoofing Weakness

Source: SECUNIA
Type: Vendor Advisory
17565

Source: CCN
Type: US-CERT VU#925430
Multiple web browsers do not properly interpret TABLE elements when displaying URLs in the status bar

Source: CCN
Type: OSVDB ID: 12203
Apple Safari Status Bar Spoofing

Source: CCN
Type: OSVDB ID: 79173
Microsoft IE Image Control Title Attribute Status Bar Spoofing

Source: CCN
Type: BID-11561
Microsoft Internet Explorer TABLE Status Bar URI Obfuscation Weakness

Source: CCN
Type: BID-11573
Apple Safari Web Browser TABLE Status Bar URI Obfuscation Weakness

Source: CCN
Type: BID-11590
Microsoft Internet Explorer IFRAME Status Bar URI Obfuscation Weakness

Source: XF
Type: UNKNOWN
ie-table-status-spoofing(17909)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*
  • AND
  • cpe:/o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.2.8:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.3.6:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    microsoft ie 6 windows_xp_sp2
    microsoft outlook express 6.0
    microsoft ie 6.0.2800.1106
    apple mac os x 10.2.8
    apple mac os x server 10.2.8
    apple mac os x 10.3.6
    apple mac os x server 10.3.6