Summary
The host is running the Microsoft Windows operating system and is prone to a spoofing vulnerability.
This NVT has been superseded by KB2641690, which is addressed in NVT gb_ms_fraudulent_digital_cert_spoofing_vuln.nasl (OID:1.3.6.1.4.1.25623.1.0.802403).
Impact
Successful exploitation will allow remote attackers to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users, including users of Internet Explorer.
Impact Level: System
Solution
Apply the patch from the link below.
For updates, refer to http://support.microsoft.com/kb/2607712
Insight
The flaw is due to an error when handling the fraudulent digital certificates issued by Comodo, whose identity is not properly validated.
Affected
Windows 7 Service Pack 1 and prior
Windows XP Service Pack 3 and prior
Windows Vista Service Pack 2 and prior
Windows Server 2003 Service Pack 2 and prior
Windows Server 2008 Service Pack 2 and prior
Severity
Classification
CVSS Base Score: 4.3
CVSS Base Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Microsoft Windows TLS/SSL Spoofing Vulnerability (977377)
- Opera relative path directory traversal file corruption vulnerability
- Microsoft RDP Server Private Key Information Disclosure Vulnerability
- Mozilla/Firefox default installation file permission flaw
- Microsoft .NET '__VIEWSTATE' Cross-Site Scripting vulnerability