Lucene search
K

Microsoft Internet Explorer 6 - Meta Data Foreign Domain Spoofing

🗓️ 30 Apr 2004 00:00:00Reported by E.KellinisType 
exploitpack
 exploitpack
👁 18 Views

Vulnerability in Internet Explorer 6 allows certificate spoofing leading to potential web content falsification.

Code
source: https://www.securityfocus.com/bid/10248/info

A vulnerability has been reported in Microsoft Internet Explorer that may facilitate certificate spoofing. This issue could aid in attacks which falsify web content to victim users.

The cause of the vulnerability is that it is possible to embed a certificate and content from a foreign domain (via SSL) into a web page. When the web page is visited by the client user, the user will be prompted to authorize the certificate from the foreign domain. This will make it appear as though the web page they are visiting is in the foreign domain.

It should be noted that while the connection will appear to be secure, as denoted by the closed lock icon in the right bottom corner of the browser window, the spoofed certicate may not be manually inspected (by clicking the lock icon). The browser will return a message stating that the document does not have a certificate associated with it when the lock is clicked by the user. This may give an indication that the certificate has been spoofed.

This vulnerability may be exploited to entice a user to trust a hostile web page.

This issue has been reported in Microsoft Internet Explorer 6. Earlier versions may also be affected.


< html>
< head>
< title>Your Page Title</title>
< meta http-equiv="REFRESH"
content="0;url=https://www.example.com/">

< META HTTP-EQUIV="Content-Type" CONTENT="text/html;">

< /HEAD>
< BODY onUnload='window.location=""'>

< /BODY>
< /HTML>

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation