[23626] in bugtraq

Re: IE https certificate attack

daemon@ATHENA.MIT.EDU (Geoff Joy)
Wed Dec 26 21:37:43 2001

From: Geoff Joy <geoff@windowmeister.com>
To: <bugtraq@securityfocus.com>
Date: Wed, 26 Dec 2001 18:00:09 -0800
Message-ID: <2vsk2usrtnap81hvoenkstj3c0r0fvdqbj@4ax.com>
In-Reply-To: <012e01c18cbb$d9540620$0401a8c0@noname>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit

Internet Explorer 6.0.2600.0000 with the latest Critical Updates
including Q306121; Q312461; Q313675 is VULNERABLE.

Tested in Windows 2000 Professional 5.0.2195 SP2:
                Patch Found     MS00-077        Q299796
                Patch Found     MS00-079        Q276471
                Patch Found     MS01-007        Q285851
                Patch Found     MS01-013        Q285156
                NOTE            MS01-022        Q296441
                Patch Found     MS01-025        Q296185
                Patch Found     MS01-031        Q299553
                Patch Found     MS01-037        Q302755
                Patch Found     MS01-041        Q298012
                Patch Found     MS01-043        Q303984
                Patch Found     MS01-046        Q252795



Manually checking the certificate reveals that the domain issued to
the certificate does not match the domain of the web site.


