Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability."

Internet Explorer 5.01、5.5 和 6 允许远程攻击者通过包含包含已双重十六进制编码的主机名的 HTML 页面执行任意代码，这些主机名被两次解码生成一个恶意的主机名，即“URL 解码安全区域伪造漏洞”。

NVD 暂无评分

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

NVD 暂无漏洞类别信息

神龙GPT 暂无漏洞类别信息（请耐心等待）