{"vuid":"VU#625616","idnumber":"625616","name":"Microsoft Internet Explorer does not properly handle navigations from plug-ins","keywords":["Microsoft","Internet Explorer","navigations from plug-ins","MS04-038","plugins","address bar spoofing"],"overview":"Microsoft Internet Explorer contains a vulnerability in its handling of navigation commands from plug-ins. This could let an attacker spoof the address of a website.","clean_desc":"Microsoft Internet Explorer improperly handles navigations from plug-ins, such as ActiveX controls. This improper navigation handling could cause IE to display an incorrect URL in the Address bar. As a result, a web site operator could make it appear that the content from his or her web site actually originated from another site when, in fact, it did not.","impact":"This vulnerability could be used to convince a user that the intruder's web site was actually a web site that the user trusts and might provide sensitive information to.","resolution":"Apply a patch\nApply the patch referenced in MS04-038.","workarounds":"","sysaffected":"","thanks":"Thanks to Microsoft for reporting this vulnerability.","author":"This document was written by Will Dormann, based on the information provided in the Microsoft Security Bulletin.","public":["http://www.microsoft.com/technet/security/bulletin/MS04-038.mspx","http://securitytracker.com/alerts/2004/Oct/1011644.html"],"cveids":["CVE-2004-0843"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-10-12T20:30:58Z","publicdate":"2004-10-12T00:00:00Z","datefirstpublished":"2004-10-13T21:42:34Z","dateupdated":"2004-10-15T20:37:45Z","revision":6,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"7","cam_population":"20","cam_impact":"1","cam_easeofexploitation":"12","cam_attackeraccessrequired":"20","cam_scorecurrent":"1.98","cam_scorecurrentwidelyknown":"2.43","cam_scorecurrentwidelyknownexploited":"4.23","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":1.98,"vulnote":null}