Man-in-the-Middle Vulnerability in Microsoft Internet Explorer
CVE-2009-2069

Currently unrated

Key Information:

Vendor: Microsoft
Status: Ie; Internet Explorer
Vendor: CVE Published:; 15 June 2009

Summary

Earlier versions of Microsoft Internet Explorer, specifically prior to version 8, are susceptible to a man-in-the-middle vulnerability. This occurs when the browser caches an SSL certificate from an arbitrary HTTPS site after initially accessing it through a proxy server. Subsequently, an attacker can exploit this by returning a 502 response page, which may allow them to present a crafted page to the user. This manipulation can result in the spoofing of legitimate websites, thereby compromising the confidentiality and integrity of user communications.

References

http://research.microsoft.com/pubs/79323/pbp-final-with-u...

x_refsource_MISC

http://www.securityfocus.com/bid/35411

vdb-entryx_refsource_BID

http://research.microsoft.com/apps/pubs/default.aspx?id=7...

x_refsource_MISC

Timeline

Vulnerability published
Jun 15, 2009
Vulnerability Reserved
Jun 15, 2009