General 8066 Published by

Microsoft Security Bulletin MS00-039 announces the availability of a patch that eliminates two vulnerabilities in Microsoft:registered: Internet Explorer. The vulnerabilities could allow a malicious web site operator, under very unusual conditions, to misrepresent his web site as a trusted site.

What´s the scope of the vulnerabilities?

The vulnerabilities could allow a malicious web site operator to misrepresent his web site as a trusted web site, and engage in a secure session with the user as though his was the trusted site.

The vulnerabilities would be difficult to exploit, and would require that the malicious user already have significant control over the communications channel. Even then, it would represent a target of opportunity at best -- the malicious user could not compel anyone to connect to his server.

Read more