Date: Tue, 25 Dec 2001 13:37:16 +0100
From: Stefan Esser <[email protected]>
To: [email protected]Subject: UPDATE: IE https certificate attack
UPDATE: IE https certificate attack
Date: 2001/12/25
This morning i was googling through the web and found out that
the issue is not that new for Microsoft.
If you compare
http://www.acros.si/aspr/ASPR-1999-12-15-1-PUB.txt
with my advisory at
http://security.e-matters.de/advisories/012001.html
you can see that the same bug was reported 2(!) years ago to
microsoft. At that time (or better half a year later) Microsoft
released the patches for that vulnerability that fixed the
bug within IE 4.0 and the early versions of IE 5.0.
The Microsoft Security Bulletin (MS00-039) clearly states that
IE 5.01 SP1 and IE 5.5 are not vulnerable.
That means, that one of the "security patches" that Microsoft
released since that date reimplemented the bug and made all
IEs vulnerable again.
Stefan Esser