PT-2004-1203 · Microsoft · Internet Explorer

Zap The Dingbat · Published 2004-01-06 · Updated 2021-07-23 · CVE-2003-1025

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Internet Explorer versions 5.01 through 6 SP1

Description

The issue allows remote attackers to spoof the domain of a URL by using a "%01" character before an @ sign in the user@domain portion of the URL. This hides the rest of the URL, including the real site, in the address bar.

Recommendations

For Internet Explorer versions 5.01 through 6 SP1, consider avoiding the use of URLs with the "%01" character before an @ sign in the user@domain portion until a fix is available. As a temporary workaround, carefully verify the URL in the address bar to ensure it matches the expected domain.
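
The workaround above can be automated at a mail gateway or proxy. The following is an added example, not part of the original advisory: it flags URLs whose user@domain portion contains a control character and reports the host that is actually contacted. The function names and sample URLs are constructed, and the check is generalised from "%01" to any control byte, which is an assumption beyond what the advisory states.

```python
import re
from typing import List, NamedTuple, Optional, Tuple
from urllib.parse import unquote_to_bytes

# scheme://authority, where the authority ends at the first "/", "?" or "#"
_AUTHORITY = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://([^/?#]*)")


class Finding(NamedTuple):
    real_host: str        # host the browser actually connects to
    decoy: str            # userinfo text that precedes the control byte
    control_bytes: list   # control byte values found in the userinfo


def _is_control(b: int) -> bool:
    return b < 0x20 or b == 0x7F


def check_userinfo(url: str) -> Optional[Finding]:
    """Return a Finding if the userinfo part of `url` holds a control character."""
    m = _AUTHORITY.match(url.strip())
    if not m or "@" not in m.group(1):
        return None
    # The host is whatever follows the LAST "@" inside the authority.
    userinfo, _, hostport = m.group(1).rpartition("@")
    raw = unquote_to_bytes(userinfo)  # decodes %01; raw control bytes pass through
    ctrl = [b for b in raw if _is_control(b)]
    if not ctrl:
        return None  # ordinary user:password@host URL, not this issue
    first = next(i for i, b in enumerate(raw) if _is_control(b))
    # Drop a trailing :port unless the host is a bracketed IPv6 literal.
    host = hostport if hostport.startswith("[") else hostport.rsplit(":", 1)[0]
    return Finding(host.lower(), raw[:first].decode("latin-1"), ctrl)


def scan(urls: List[str]) -> List[Tuple[str, Finding]]:
    """Return (url, finding) pairs for every URL that should be blocked or rewritten."""
    return [(u, f) for u in urls if (f := check_userinfo(u)) is not None]


# Constructed sample input (reserved .example domains).
SAMPLES = [
    "http://www.trusted.example%01@attacker.example/login",   # encoded form
    "http://www.trusted.example\x01@attacker.example:8080/",  # raw control byte
    "https://user:pw@intranet.example/",                      # plain userinfo
    "https://www.trusted.example/p?mail=a%01@b.example",      # "@" outside authority
]

if __name__ == "__main__":
    for url, finding in scan(SAMPLES):
        print(repr(url), "->", finding)
```
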

Weakness Enumeration

Related identifiers

CVE-2003-1025

Affected products

Internet Explorer