[23613] in bugtraq
UPDATE: IE https certificate attack
daemon@ATHENA.MIT.EDU (Stefan Esser)
Tue Dec 25 13:01:17 2001
Message-ID: <00fe01c18d40$e61e18c0$0401a8c0@noname>
From: "Stefan Esser" <s.esser@e-matters.de>
To: <bugtraq@securityfocus.com>
Date: Tue, 25 Dec 2001 13:37:16 +0100
UPDATE: IE https certificate attack
Date: 2001/12/25
This morning I was googling through the web and found out that
the issue is not that new for Microsoft.
If you compare
http://www.acros.si/aspr/ASPR-1999-12-15-1-PUB.txt
with my advisory at
http://security.e-matters.de/advisories/012001.html
you can see that the same bug was reported 2(!) years ago to
Microsoft. At that time (or better, half a year later) Microsoft
released the patches for that vulnerability that fixed the
bug within IE 4.0 and the early versions of IE 5.0.
The Microsoft Security Bulletin (MS00-039) clearly states that
IE 5.01 SP1 and IE 5.5 are not vulnerable.
That means that one of the "security patches" that Microsoft
released since that date reimplemented the bug and made all
IEs vulnerable again.
Stefan Esser