Date: 3 Nov 2006 18:00:48 -0000
From: [email protected]
To: [email protected]Subject: IE7 website security certificate discrediting exploit
X-Virus-Scanned: antivirus-gw at tyumen.ru
Inge Henriksen Security Advisory - Full Disclosure Proof of Concept at http://ingehenriksen.blogspot.com/ **
Advisory Name: IE7 website security certificate discrediting exploit
Tested and Confirmed Vulnerable: Microsoft(R) Internet Explorer(R) 7
Severity: Low
Type: Spoof
>From where: Remote
Discovered by: Inge Henriksen (http://ingehenriksen.blogspot.com/)
Vendor Status: Notified
Overview:
It is possible to create a link in Microsoft(R) Internet Explorer(R) 7 that discredits a websites security certificate. The bad design is in the ieframe.dll's embedded invalidecert.htm.
Full Disclosure Proof of Concept at http://ingehenriksen.blogspot.com/
