Title: Microsoft IE SSL Spoofing Vulnerability
Severity: HIGH
Description:
A vulnerability exists in Internet Explorer that could allow a replicated web site to appear as the actual trusted site. MSIE contains a flaw that may permit malicious webmasters to place an arbitrary value in the address bar. Malicious webmasters may exploit this flaw to create realistic-looking 'spoofed' websites that show the addresses of trusted websites in the location bar.
In addition, certain modifications to the web page could give the appearance that an SSL session has been invoked, which would deter a visitor from questioning the validity of the site.
If a malicious user successfully duplicated a web site that requires confidential information (e.g. bank account, credit card, PIN) and an unknowing visitor attempted to view the site, sensitive information could be revealed if the visitor is tricked into submitting it.
Unfortunately, no other technical details have been provided.
Affected Products:
- Microsoft Internet Explorer 5.0.1
- Microsoft Internet Explorer 5.0.1 SP1
- Microsoft Internet Explorer 5.0.1 SP2
- Microsoft Internet Explorer 5.5
- Microsoft Internet Explorer 5.5 SP1
- Microsoft Windows ME
References:
- Microsoft: Microsoft Security Bulletin MS01-027