Internet Explorer contains a vulnerability in its handling of server certificate verification. If IE is configured to check the CRL (certificate revocation list) when a web server presents its certificate, various other checks may not be performed. The omitted checks include expiration validation, whether the certificate issuer is a trusted authority, and whether the name on the certificate matches the name the certificate is registered to. This vulnerability could enable an attacker's website to impersonate a trusted site; a user may therefore view and use various features available on the website on the assumption that the site they are visiting is legitimate.

It has been reported that this vulnerability may not have been properly fixed, or that a later patch has disabled the patch for this vulnerability. Posts to the Bugtraq list suggest that fully patched versions of Internet Explorer 6 are still vulnerable to this issue.
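The failure mode described above, turned into a regression check a client's certificate validator can be run against. This is an added example, not Internet Explorer code or anything from the original advisory: `Cert`, `validate`, `validate_flawed`, `missed_checks` and all sample values are constructed for illustration, and `validate_flawed` is only a model of "enabling the CRL check skips the other checks".

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Cert:  # constructed stand-in for a parsed server certificate
    serial: int
    issuer: str
    dns_names: tuple
    not_after: datetime

NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed clock value
TRUSTED = {"Example Root CA"}                     # constructed trust store
REVOKED = {666}                                   # constructed CRL contents
GOOD = Cert(1, "Example Root CA", ("shop.example",), NOW + timedelta(days=30))

def validate(cert, host, check_crl):
    """Hardened form: every check runs regardless of the CRL setting."""
    failed = set()
    if check_crl and cert.serial in REVOKED:
        failed.add("revoked")
    if NOW > cert.not_after:
        failed.add("expired")
    if cert.issuer not in TRUSTED:
        failed.add("untrusted_issuer")
    if host.lower() not in {n.lower() for n in cert.dns_names}:
        failed.add("name_mismatch")
    return failed

def validate_flawed(cert, host, check_crl):
    """Model of the failure mode: the CRL path returns before other checks."""
    if check_crl:
        return {"revoked"} if cert.serial in REVOKED else set()
    return validate(cert, host, check_crl=False)

CASES = {  # one certificate per check, each broken in exactly one way
    "expired": replace(GOOD, not_after=NOW - timedelta(days=1)),
    "untrusted_issuer": replace(GOOD, issuer="Self-Signed Test CA"),
    "name_mismatch": replace(GOOD, dns_names=("other.example",)),
    "revoked": replace(GOOD, serial=666),
}

def missed_checks(validator):
    """Return the checks a validator skips while CRL checking is enabled."""
    return [name for name, cert in CASES.items()
            if name not in validator(cert, "shop.example", True)]

if __name__ == "__main__":
    print("hardened misses:", missed_checks(validate))
    print("flawed misses:  ", missed_checks(validate_flawed))
```

An empty result means each of the four conditions is still rejected with revocation checking turned on; any name in the list is a check that the CRL setting has silently disabled.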