Microsoft Internet Explorer Extended Validation (EV) Certificate Vulnerability

Last Update Date: 9 Jul 2014 17:19 Release Date: 9 Jul 2014 3846 Views

RISK: High Risk

High Risk

TYPE: Clients - Browsers

TYPE: Browsers

A security feature bypass vulnerability exists in Internet Explorer because Extended Validation (EV) SSL Certificate guidelines, which disallow the use of wildcard certificates, are not properly enforced. An attacker could bypass EV SSL certificate guidelines by using a wildcard certificate. EV SSL certificates issued by Certificate Authorities (CA) in compliance with Extended Validation (EV) SSL Certificate guidelines cannot be used to exploit this vulnerability.

Impact

  • Remote Code Execution

System / Technologies affected

  • Internet Explorer 6
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Vulnerability Identifier

Source

Related Link

Share with

Previous

AVG Secure Search ActiveX Control Insecure Method Vulnerability

8 Jul 2014 3874 Views

Next

Microsoft Windows Journal Remote Code Execution Vulnerability

9 Jul 2014 3882 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY