Microsoft Internet Explorer 7 through 11 does not prevent use of wildcard EV SSL certificates, which might allow remote malicious users to spoof a trust level by leveraging improper issuance of a wildcard certificate by a recognized Certification Authority, aka "Extended Validation (EV) Certificate Security Feature Bypass Vulnerability."
Vulnerable Product |
---|
microsoft internet explorer 10 |
microsoft internet explorer 8 |
microsoft internet explorer 7 |
microsoft internet explorer 11 |
microsoft internet explorer 9 |
Looking past the 23 Critical Internet Explorer remote code execution vulnerabilities being patched this month by MS14-037 that require immediate attention, most interesting is CVE-2014-2783, the Internet Explorer “Extended Validation (EV) Certificate Security Feature Bypass Vulnerability”. The vulnerability itself, reported by Eric Lawrence of “Fiddler” fame, is applicable in a “corner case” situation and can lead to man-in-the-middle (MiTM) attacks. Let’s narrow down the complexit...
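
The missing check named in the description at the top of this entry, written as a client-side or audit-side rule: a certificate that asserts an EV policy while presenting a wildcard name is not given EV treatment (the CA/Browser Forum EV Guidelines do not permit wildcard EV certificates). This is an added example, not Microsoft's fix or code from the advisory; `CertFields`, `wildcard_names`, `trust_level` and the sample certificates are hypothetical, and chain validation is assumed to have already succeeded.

```python
from dataclasses import dataclass, field

# CA/Browser Forum EV policy OID. CAs may also assert their own EV OIDs; a real
# client would take that set from its root-store metadata (assumption here).
CABF_EV_OID = "2.23.140.1.1"


@dataclass
class CertFields:
    """Hypothetical container for fields already parsed from a validated leaf."""
    subject_cn: str = ""
    san_dns: list = field(default_factory=list)
    policy_oids: list = field(default_factory=list)


def wildcard_names(cert):
    """Return every presented DNS identity (SAN dNSName or CN) containing '*'."""
    names = list(cert.san_dns)
    if cert.subject_cn:
        names.append(cert.subject_cn)
    seen, hits = set(), []
    for name in names:
        key = name.strip().lower()
        if "*" in key and key not in seen:
            seen.add(key)
            hits.append(key)
    return hits


def trust_level(cert, ev_oids=frozenset({CABF_EV_OID})):
    """Return (level, reasons). 'EV' requires an EV policy and no wildcard name."""
    if not any(oid in ev_oids for oid in cert.policy_oids):
        return "standard", []
    wild = wildcard_names(cert)
    if wild:
        return "standard", ["EV policy asserted with wildcard name " + n for n in wild]
    return "EV", []


# Constructed sample certificates (not real issuances).
SAMPLES = {
    "ev_ok": CertFields("www.example.test", ["www.example.test"], [CABF_EV_OID]),
    "ev_wildcard": CertFields("*.example.test", ["*.Example.test", "example.test"], [CABF_EV_OID]),
    "dv_wildcard": CertFields("*.example.test", ["*.example.test"], ["2.23.140.1.2.1"]),
}

if __name__ == "__main__":
    for label, cert in SAMPLES.items():
        print(label, trust_level(cert))
```

The same rule can be run over certificate inventory or Certificate Transparency exports to flag EV-asserting wildcard certificates for review.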