lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20061103180048.25963.qmail@securityfocus.com> Date: 3 Nov 2006 18:00:48 -0000 From: inge_eivind.henriksen@...llo.no To: bugtraq@...urityfocus.com Subject: IE7 website security certificate discrediting exploit ** Inge Henriksen Security Advisory - Full Disclosure Proof of Concept at http://ingehenriksen.blogspot.com/ ** Advisory Name: IE7 website security certificate discrediting exploit Tested and Confirmed Vulnerable: Microsoft(R) Internet Explorer(R) 7 Severity: Low Type: Spoof >From where: Remote Discovered by: Inge Henriksen (http://ingehenriksen.blogspot.com/) Vendor Status: Notified Overview: It is possible to create a link in Microsoft(R) Internet Explorer(R) 7 that discredits a websites security certificate. The bad design is in the ieframe.dll's embedded invalidecert.htm. Full Disclosure Proof of Concept at http://ingehenriksen.blogspot.com/