[23608] in bugtraq
Re: IE https certificate attack
daemon@ATHENA.MIT.EDU (e-matters GmbH - Securityteam)
Mon Dec 24 20:41:15 2001
Message-ID: <012e01c18cbb$d9540620$0401a8c0@noname>
From: "e-matters GmbH - Securityteam" <security@e-matters.de>
To: "Dimitris Giannitsaros" <daremon@ath.forthnet.gr>,
<bugtraq@securityfocus.com>
Date: Mon, 24 Dec 2001 21:44:56 +0100
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
> I use IE 5.00.3315.1000 / Win2k Pro SP2 and no other patches. I am not
> vulnerable: IE correctly displays the warning ("Security Alert") saying
that
Yeah, it seems that people with IE 5.00 that have not installed any of the
MS "security"
patches are not vulnerable. But latest patched IE 5.00 are vulnerable.
Stefan Esser
