MS IE m?že zobrazit podvržený obsah reálného SSL-webu, SP k dispozici
13.10.2004Na uvedeném linku je k dispozici je ?ada SP pro r?zné verze Windows a IE.
Description: A vulnerability was reported in Microsoft Internet Explorer (IE) in the caching of SSL contents. A remote user can execute HTML and scripting code in the context of a secure web site.
Microsoft reported that IE does not properly validate content received from SSL-protected web sites.
A remote user can create a malicious web site with the same hostname as a valid SSL-protected site and redirect the target user's browser to the malicious web site, causing the remote user's content to be cached by the target user's browser. Then, when the target user visits the valid web site, some contents cached from the malicious web site may be loaded.
Microsoft credits Mitja Kolsek from ACROS Security with reporting this vulnerability.
Zdroj: http://www.securitytracker.com/alerts/2004/Oct/1011642.htmlAutor: VK