The host is installed with Microsoft Windows operating system and is prone to spoofing vulnerability. This NVT has been superseded by KB2641690 Which is addressed in NVT gb_ms_fraudulent_digital_cert_spoofing_vuln.nasl (OID:1.3.6.1.4.1.25623.1.0.802403).

Successful exploitation will allow remote attackers to spoof content, perform phishing attacks or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer. Impact Level: System

Apply the Patch from below link, For updates refer to http://support.microsoft.com/kb/2607712

The flaw is due to an error when handling the fraudulent digital certificates issued by Comodo and it is not properly validating its identity.

Windows 7 Service Pack 1 and prior Windows XP Service Pack 3 and prior Windows Vista Service Pack 2 and prior Windows Server 2003 Service Pack 2 and prior Windows Server 2008 Service Pack 2 and prior

• http://support.microsoft.com/kb/2607712
• http://www.microsoft.com/technet/security/advisory/2607712.mspx

---

Updated on 2015-03-25