Velmi kritická chyba v MSIE se SP2, umož?nující rhybá??m podvržení SSL webu
20.12.2004Security researcher Paul from the Greyhats research group has published details of an Internet Explorer cross-site scripting vulnerability that could allow an attacker to spoof the address line and the padlock symbol used to signify an SSL (secure sockets layer) connection. The flaw lies in the DHTML (Dynamic Hypertext Markup Language) Edit ActiveX control. Since the flaw is found in the browser, the attack can be used to spoof any website. The user would see the legitimate site's web address and a certificate for the malicious site. Secunia's Thomas Kristensen says it is odd that Paul chose to publish the flaw without informing Microsoft. The flaw affects Internet Explorer, even on systems with Service Pack 2. Secunia has rated the flaw as "moderately critical."
Zdroj: http://news.zdnet.co.uk/internet/security/0,39020375,39181466,00.htmAutor: VK