Summary
The host is installed with Microsoft Windows operating system and is prone to digital certificate key length spoofing vulnerability.
Impact
Successful exploitation will allow remote attackers to spoof content, perform phishing attacks or perform man-in-the-middle attacks.
Impact Level: System
Solution
Apply the Patch from below link,
http://technet.microsoft.com/en-us/security/advisory/2661254
Insight
The private keys used in digital certificate with RSA keys less than 1024 bits in length can be derived and could allow an attacker to duplicate the certificates. An duplicate certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.
Affected
Microsoft Windows XP x32 Edition Service Pack 3 and prior Microsoft Windows XP x64 Edition Service Pack 2 and prior Microsoft Windows 7 x32/x64 Edition Service Pack 1 and prior Microsoft Windows 2003 x32/x64 Edition Service Pack 2 and prior Microsoft Windows Vista x32/x64 Edition Service Pack 2 and prior Microsoft Windows Server 2008 R2 x64 Edition Service Pack 1 and prior Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2 and prior
References
Severity
Classification
-
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Microsoft Update to Improve Cryptography and Digital Certificate Handling (2854544)
- Microsoft Windows Minimum Certificate Key Length Spoofing Vulnerability (2661254)
- Microsoft .NET '__VIEWSTATE' Cross-Site Scripting vulnerability
- Orbit Downloader File Deletion ActiveX Vulnerability
- Microsoft .NET 'ASP.NET' Cross-Site Scripting vulnerability