Vulnerability

    IE

Affected

    IE

Description

    Following  is  based  on  a  Microsoft Security Bulletin MS01-027.
    A  patch   is  available   to  eliminate   two  newly   discovered
    vulnerabilities affecting Internet  Explorer, both of  which could
    enable  an  attacker  to  spoof  trusted  web  sites.   The  first
    vulnerability involves how  digital certificates from  web servers
    are  validated.  When  CRL  checking  for  such  certificates   is
    enabled, it  could be  possible for  any or  all of  the following
    checks to no longer be performed:

        - Verification that the certificate has not expired
        - Verification that  the server name  matches the name  on the
          certificate
        - Verification that the issuer of the certificate is trusted

    The vulnerability only affects  how certificates from web  servers
    are validated.  It  does not affect how  code-signing certificates
    or any other type of certificate are validated.

    The specific checks that might be bypassed vary with both the user
    and the  actions she  may have  taken during  the current browsing
    session.   An  attacker  could  not  predict  with  any  degree of
    certainty which checks might be bypassed in a particular case.

    The vulnerability does not provide  any way to force users  to the
    attacker's web site.  It  is likely that this vulnerability  could
    only be exploited in  conjunction with a successful  DNS poisoning
    or similar attack.

    The second vulnerability  could enable a  web page to  display the
    URL  from  a  different  web  site  in  the  IE  address bar. This
    spoofing  could  occur  within  a  valid  SSL  session  with   the
    impersonated  site.   Both   vulnerabilities  could  be  used   to
    convince  a  user  that  the  attacker's  web  site was actually a
    different one  - one  that the  user presumably  trusts and  would
    provide sensitive information  to.  However,  as discussed in  the
    Mitigating  Factors  section  below,  there  would  be significant
    hurdles to exploiting either vulnerability.

    Like the vulnerability above, this vulnerability would not provide
    any  way  to  force  users  to  the  attacker's  web site, and DNS
    poisoning or other  measures would likely  be required to  exploit
    it.

    Any hyperlinks within  the page would  correctly show the  target.
    As a result, the attacker would  need to point these to bona  fide
    locations  on  the  spoofed  web  site,  with  the result that the
    attacker would  likely only  be able  to spoof  a single web page,
    rather than an entire site.

    In addition to eliminating the two new vulnerabilities, the  patch
    also  eliminates  two  new  variants  of  a  previously  discussed
    vulnerability,  the  "Frame  Domain  Verification"  vulnerability,
    which  originally  was  discussed  in  Microsoft Security Bulletin
    MS00-033.   Like   the  original  version,   these  new   variants
    vulnerability could enable a  malicious web site operator  to open
    two browser windows,  one in the  web site's domain  and the other
    on the user's local file system, and to pass information from  the
    latter to the former.  This could enable the web site operator  to
    read any file  on the user's  local computer that  could be opened
    in a browser window.

    The  patch  also  incorporates  the  functionality  of  the  patch
    provided in Microsoft Security Bulletin MS01-020.

Solution

    A patch is available to  fix this vulnerability.  Please  read the
    Security Bulletin:

        http://www.microsoft.com/technet/security/bulletin/ms01-027.asp

    for information on obtaining this patch.