Microsoft IE SSL Certificates Vulnerability

It is possible for a malicious website to establish an SSL connection to an Internet Explorer client with a forged certificate representing itself to be from a trusted site. Due to a flaw in the implementation of SSL certificate checks within Internet Explorer, not all contents of the certificate are verified when the connection is established from within an IFRAME. Once an SSL connection has been successfully established with a server, new SSL sessions with that server within the same browsing session are established without any certificate verification .


 

Privacy Statement
Copyright 2010, SecurityFocus