Microsoft · Internet Explorer · CVE-2003-1025
**Name of the Vulnerable Software and Affected Versions**
Internet Explorer versions 5.01 through 6 SP1
**Description**
The issue allows remote attackers to spoof the domain of a URL by using a "%01" character before an @ sign in the `user`@`domain` portion of the URL. This hides the rest of the URL, including the real site, in the address bar.
**Recommendations**
For Internet Explorer versions 5.01 through 6 SP1, consider avoiding the use of URLs with the "%01" character before an @ sign in the user@domain portion until a fix is available. As a temporary workaround, carefully verify the URL in the address bar to ensure it matches the expected domain.