{"document":{"acknowledgments":[{"urls":["https://kb.cert.org/vuls/id/22482#acknowledgements"]}],"category":"CERT/CC Vulnerability Note","csaf_version":"2.0","notes":[{"category":"summary","text":"Several flaws exist in Microsoft Internet Explorer that could allow an attacker to masquerade as a legitimate web site if the attacker can compromise the validity of certain DNS information. These problems are different from the problems reported in CERT Advisory CA-2000-05 and CERT Advisory CA-2000-08, but they have a similar impact. Digital certificates are small documents used to authenticate and encrypt information transmitted over the Internet. One very common use of digital certificates is to secure electronic commerce transactions through SSL (Secure Socket Layer). The kind of certificates used in e-commerce transactions are called X.509 certificates. The X.509 certificates help a web browser and the user ensure that sensitive information transmitted over the Internet is readable only by the intended recipient. This requires verifying the recipient's identity and encrypting data so that only the recipient can decrypt it. The \"padlock\" icon used by Internet Explorer (as well as Netscape and other browsers) is an indication that an SSL-secured transaction has been established to someone. It does not necessarily indicate to whom the connection has been established. Internet Explorer (and other browsers) take steps to warn users when DNS-based information conflicts with the strongly authenticated information contained in the X.509 certificates used in SSL transactions. These warnings are supplemental information to help users decide if they're connecting to whom they think they are connecting. These steps and warnings are designed to protect against attacks on the DNS information.","title":"Summary"},{"category":"legal_disclaimer","text":"THIS DOCUMENT IS PROVIDED ON AN 'AS IS' BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. ","title":"Legal Disclaimer"},{"category":"other","text":"CERT/CC Vulnerability Note is a limited advisory. It primarily identifies vendors impacted by the advisory and not specific products. We only support \"known_affected\" and \"known_not_affected\" status. Please consult the vendor's statements and advisory URL if provided by the vendor for more details ","title":"Limitations of Advisory"}],"publisher":{"category":"coordinator","contact_details":"Email: cert@cert.org, Phone: +1412 268 5800","issuing_authority":"CERT/CC under DHS/CISA https://www.cisa.gov/cybersecurity also see https://kb.cert.org/ ","name":"CERT/CC","namespace":"https://kb.cert.org/"},"references":[{"url":"https://certcc.github.io/certcc_disclosure_policy","summary":"CERT/CC vulnerability disclosure policy"},{"summary":"CERT/CC document released","category":"self","url":"https://kb.cert.org/vuls/id/22482"}],"title":"IE fails to check certificates properly if initial SSL connection originates in an IFRAME or Image","tracking":{"current_release_date":"2001-09-19T04:01:25+00:00","generator":{"engine":{"name":"VINCE","version":"3.0.35"}},"id":"VU#22482","initial_release_date":"2000-06-05 00:00:00+00:00","revision_history":[{"date":"2001-09-19T04:01:25+00:00","number":"1.20010919040125.9","summary":"Released on 2001-09-19T04:01:25+00:00"}],"status":"final","version":"1.20010919040125.9"}},"vulnerabilities":[{"notes":[{"category":"general","text":"No vulnerabilities have been defined at this time for this report"}]}]}