IE7 website security certificate discrediting exploit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

IE7 website security certificate discrediting exploit

Subject: IE7 website security certificate discrediting exploit
Date: 3 Nov 2006 18:00:48 -0000
From: suppressed

** Inge Henriksen Security Advisory - Full Disclosure Proof of Concept at http://ingehenriksen.blogspot.com/ **

Advisory Name: IE7 website security certificate discrediting exploit 
Tested and Confirmed Vulnerable: Microsoft(R) Internet Explorer(R) 7 
Severity: Low 
Type: Spoof 
>From where: Remote 
Discovered by: Inge Henriksen (http://ingehenriksen.blogspot.com/) 
Vendor Status: Notified 
Overview: 

It is possible to create a link in Microsoft(R) Internet Explorer(R) 7 that discredits a websites security certificate. The bad design is in the ieframe.dll's embedded invalidecert.htm.

Full Disclosure Proof of Concept at http://ingehenriksen.blogspot.com/

Prev by Date: ZDI-06-037: America Online ICQ ActiveX Control Code Execution Vulnerability
Next by Date: Re: Multiple vulnerabilities in SAP Web Application Server 6.40 and7.00
Previous by thread: ZDI-06-037: America Online ICQ ActiveX Control Code Execution Vulnerability
Next by thread: Re: IE7 website security certificate discrediting exploit
Index(es):
- Date
- Thread

Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.