{"vuid":"VU#988768","idnumber":"988768","name":"Microsoft Internet Explorer (IE) permits modification of URL displayed in address bar","keywords":["Microsoft","Internet Explorer","IE","MS01-027","URL","SSL","modification","manipulate"],"overview":"A vulnerability exists in Microsoft Internet Explorer which could could enable an attacker to spoof trusted web sites.","clean_desc":"A vulnerability exists in Microsoft Internet Explorer. This vulnerability could enable a web page to display the URL\nfrom a different web site in the IE address bar. This spoofing could occur within a valid SSL session  with the impersonated site, meaning that a  web site operator could make it appear that the content from his or her Web site actually originated from another site, even a trusted or secure Web site, when in fact, it did not. More information on this problem is available from Microsoft at: http://www.microsoft.com/technet/security/bulletin/MS01-027.asp","impact":"This vulnerability could be used to convince a user that the intruder's web site was actually a different one - a web site that the user trusts and might provide sensitive information to.","resolution":"Apply the patch described in http://www.microsoft.com/technet/security/bulletin/MS01-027.asp","workarounds":"","sysaffected":"","thanks":"Our thanks to Microsoft for the information contained in their bulletin.","author":"This document was written by Ian A. Finlay and is based on information obtained from a Microsoft Security Advisory.","public":["http://www.microsoft.com/technet/security/bulletin/MS01-027.asp","   http://www.securityfocus.com/bid/2737"],"cveids":["CVE-2001-0339"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-05-17T13:17:41Z","publicdate":"2001-05-17T00:00:00Z","datefirstpublished":"2001-06-07T19:10:35Z","dateupdated":"2001-06-07T19:24:01Z","revision":25,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"4","cam_population":"0","cam_impact":"8","cam_easeofexploitation":"7","cam_attackeraccessrequired":"9","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.0,"vulnote":null}