The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


UPDATE: IE https certificate attack


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Tue, 25 Dec 2001 13:37:16 +0100
From: Stefan Esser <[email protected]>
To: [email protected]
Subject: UPDATE: IE https certificate attack

UPDATE: IE https certificate attack

Date: 2001/12/25

This morning i was googling through the web and found out that
the issue is not that new for Microsoft. 
If you compare
http://www.acros.si/aspr/ASPR-1999-12-15-1-PUB.txt
with my advisory at
http://security.e-matters.de/advisories/012001.html
you can see that the same bug was reported 2(!) years ago to
microsoft. At that time (or better half a year later) Microsoft
released the patches for that vulnerability that fixed the
bug within IE 4.0 and the early versions of IE 5.0.
The Microsoft Security Bulletin (MS00-039) clearly states that
IE 5.01 SP1 and IE 5.5 are not vulnerable.
That means, that one of the "security patches" that Microsoft
released since that date reimplemented the bug and made all
IEs vulnerable again.

Stefan Esser

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру