PC Tools - Essential tools for your PC
Search
 
 
Features
 
 
Newsletter
Receive regular Windows® updates
Your privacy is ensured by our privacy policy
 
Security Home > Internet Explorer

Flaws in Web Server Certificate Validation Could Enable Spoofing New

Two security vulnerabilities exists in Internet Explorer which could enable an attacker to spoof trusted web sites.

Issue

The first vulnerability involves how digital certificates from web servers are validated. When CRL checking for such certificates is enabled, it could be possible for any or all of the following checks to no longer be performed:

  • Verification that the certificate has not expired
  • Verification that the server name matches the name on the certificate
  • Verification that the issuer of the certificate is trusted
The second vulnerability could enable a web page to display the URL from a different web site in the IE address bar. This spoofing could occur within a valid SSL session with the impersonated site. Both vulnerabilities could be used to convince a user that the attacker’s web site was actually a different one – one that the user presumably trusts and would provide sensitive information to.

Affected Products

  • Microsoft Internet Explorer 5.01 & 5.5

Download

Patch: http://www.microsoft.com/windows/ie/download/critical/q299618/default.asp

Further Details

Source: Microsoft Corporation

Reference: Microsoft Corporation

Updated: May 25, 2001

>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<
More Guides » Registry Guide Support Forums Software Guide Scripting Guide Driver Guide Search
 
HomeDownloadPurchaseSupportPartnersCompanyContact
  Copyright © 1998-2008 PC Tools. All rights Reserved. Privacy Policy | Legal Notice