Discovered by ACROS Penetration Team <[email protected]> and publicized in a Microsoft Security Bulletin (MS00-039) on June 5, 2000.
Vulnerable:
Microsoft Internet Explorer 5.0.1 for Windows NT 4.0
-
Microsoft Windows NT 4.0
-
Microsoft Windows NT 4.0
Microsoft Internet Explorer 5.0.1 for Windows 98
-
Microsoft Windows 98
-
Microsoft Windows 98
Microsoft Internet Explorer 5.0.1 for Windows 95
-
Microsoft Windows 95
-
Microsoft Windows 95
Microsoft Internet Explorer 5.0.1 for Windows 2000
+
Microsoft Windows 2000 Professional SP2
+
Microsoft Windows 2000 Professional SP2
+
Microsoft Windows 2000 Professional SP1
+
Microsoft Windows 2000 Professional SP1
+
Microsoft Windows 2000 Professional SP1
+
Microsoft Windows 2000 Professional
+
Microsoft Windows 2000 Professional
+
Microsoft Windows 2000 Professional
+
Microsoft Windows 2000 Terminal Services
+
Microsoft Windows 2000 Terminal Services
+
Microsoft Windows 2000 Terminal Services
Microsoft Internet Explorer 4.0.1 for Windows NT 4.0
-
Microsoft Windows NT 4.0
-
Microsoft Windows NT 4.0
Microsoft Internet Explorer 4.0.1 for Windows 98
-
Microsoft Windows 98
-
Microsoft Windows 98
Microsoft Internet Explorer 4.0.1
-
Microsoft Windows 2000 Advanced Server SP2
-
Microsoft Windows 2000 Advanced Server SP2
-
Microsoft Windows 2000 Advanced Server SP2
-
Microsoft Windows 2000 Advanced Server SP1
-
Microsoft Windows 2000 Advanced Server SP1
-
Microsoft Windows 2000 Advanced Server SP1
-
Microsoft Windows 2000 Advanced Server
-
Microsoft Windows 2000 Advanced Server
-
Microsoft Windows 2000 Advanced Server
-
Microsoft Windows 2000 Datacenter Server SP2
-
Microsoft Windows 2000 Datacenter Server SP2
-
Microsoft Windows 2000 Datacenter Server SP2
-
Microsoft Windows 2000 Datacenter Server SP1
-
Microsoft Windows 2000 Datacenter Server SP1
-
Microsoft Windows 2000 Datacenter Server SP1
-
Microsoft Windows 2000 Datacenter Server
-
Microsoft Windows 2000 Datacenter Server
-
Microsoft Windows 2000 Datacenter Server
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Server SP2
-
Microsoft Windows 2000 Server SP2
-
Microsoft Windows 2000 Server SP2
-
Microsoft Windows 2000 Server SP1
-
Microsoft Windows 2000 Server SP1
-
Microsoft Windows 2000 Server SP1
-
Microsoft Windows 2000 Server
-
Microsoft Windows 2000 Server
-
Microsoft Windows 2000 Server
-
Microsoft Windows 2000 Terminal Services SP2
-
Microsoft Windows 2000 Terminal Services SP2
-
Microsoft Windows 2000 Terminal Services SP2
-
Microsoft Windows 2000 Terminal Services SP1
-
Microsoft Windows 2000 Terminal Services SP1
-
Microsoft Windows 2000 Terminal Services SP1
-
Microsoft Windows 2000 Terminal Services
-
Microsoft Windows 2000 Terminal Services
-
Microsoft Windows 2000 Terminal Services
-
Microsoft Windows 95
-
Microsoft Windows 95
-
Microsoft Windows 95
-
Microsoft Windows 98
-
Microsoft Windows 98
-
Microsoft Windows 98
-
Microsoft Windows ME
-
Microsoft Windows ME
-
Microsoft Windows ME
-
Microsoft Windows NT Enterprise Server 4.0 SP6a
-
Microsoft Windows NT Enterprise Server 4.0 SP6a
-
Microsoft Windows NT Enterprise Server 4.0 SP6a
-
Microsoft Windows NT Enterprise Server 4.0 SP6
-
Microsoft Windows NT Enterprise Server 4.0 SP6
-
Microsoft Windows NT Enterprise Server 4.0 SP6
-
Microsoft Windows NT Enterprise Server 4.0 SP5
-
Microsoft Windows NT Enterprise Server 4.0 SP5
-
Microsoft Windows NT Enterprise Server 4.0 SP5
-
Microsoft Windows NT Enterprise Server 4.0 SP4
-
Microsoft Windows NT Enterprise Server 4.0 SP4
-
Microsoft Windows NT Enterprise Server 4.0 SP4
-
Microsoft Windows NT Enterprise Server 4.0 SP3
-
Microsoft Windows NT Enterprise Server 4.0 SP3
-
Microsoft Windows NT Enterprise Server 4.0 SP3
-
Microsoft Windows NT Enterprise Server 4.0 SP2
-
Microsoft Windows NT Enterprise Server 4.0 SP2
-
Microsoft Windows NT Enterprise Server 4.0 SP2
-
Microsoft Windows NT Enterprise Server 4.0 SP1
-
Microsoft Windows NT Enterprise Server 4.0 SP1
-
Microsoft Windows NT Enterprise Server 4.0 SP1
-
Microsoft Windows NT Enterprise Server 4.0
-
Microsoft Windows NT Enterprise Server 4.0
-
Microsoft Windows NT Enterprise Server 4.0
-
Microsoft Windows NT Server 4.0 SP6a
-
Microsoft Windows NT Server 4.0 SP6a
-
Microsoft Windows NT Server 4.0 SP6a
-
Microsoft Windows NT Server 4.0 SP6
-
Microsoft Windows NT Server 4.0 SP6
-
Microsoft Windows NT Server 4.0 SP6
-
Microsoft Windows NT Server 4.0 SP5
-
Microsoft Windows NT Server 4.0 SP5
-
Microsoft Windows NT Server 4.0 SP5
-
Microsoft Windows NT Server 4.0 SP4
-
Microsoft Windows NT Server 4.0 SP4
-
Microsoft Windows NT Server 4.0 SP4
-
Microsoft Windows NT Server 4.0 SP3
-
Microsoft Windows NT Server 4.0 SP3
-
Microsoft Windows NT Server 4.0 SP3
-
Microsoft Windows NT Server 4.0 SP2
-
Microsoft Windows NT Server 4.0 SP2
-
Microsoft Windows NT Server 4.0 SP2
-
Microsoft Windows NT Server 4.0 SP1
-
Microsoft Windows NT Server 4.0 SP1
-
Microsoft Windows NT Server 4.0 SP1
-
Microsoft Windows NT Server 4.0
-
Microsoft Windows NT Server 4.0
-
Microsoft Windows NT Server 4.0
-
Microsoft Windows NT Terminal Server 4.0 SP6a
-
Microsoft Windows NT Terminal Server 4.0 SP6a
-
Microsoft Windows NT Terminal Server 4.0 SP6
-
Microsoft Windows NT Terminal Server 4.0 SP6
-
Microsoft Windows NT Terminal Server 4.0 SP6
-
Microsoft Windows NT Terminal Server 4.0 SP5
-
Microsoft Windows NT Terminal Server 4.0 SP5
-
Microsoft Windows NT Terminal Server 4.0 SP5
-
Microsoft Windows NT Terminal Server 4.0 SP4
-
Microsoft Windows NT Terminal Server 4.0 SP4
-
Microsoft Windows NT Terminal Server 4.0 SP4
-
Microsoft Windows NT Terminal Server 4.0 SP3
-
Microsoft Windows NT Terminal Server 4.0 SP3
-
Microsoft Windows NT Terminal Server 4.0 SP3
-
Microsoft Windows NT Terminal Server 4.0 SP2
-
Microsoft Windows NT Terminal Server 4.0 SP2
-
Microsoft Windows NT Terminal Server 4.0 SP2
-
Microsoft Windows NT Terminal Server 4.0 SP1
-
Microsoft Windows NT Terminal Server 4.0 SP1
-
Microsoft Windows NT Terminal Server 4.0 SP1
-
Microsoft Windows NT Terminal Server 4.0 alpha
-
Microsoft Windows NT Terminal Server 4.0
-
Microsoft Windows NT Terminal Server 4.0
-
Microsoft Windows NT Terminal Server 4.0
-
Microsoft Windows NT Workstation 4.0 SP6a
-
Microsoft Windows NT Workstation 4.0 SP6a
-
Microsoft Windows NT Workstation 4.0 SP6a
-
Microsoft Windows NT Workstation 4.0 SP6
-
Microsoft Windows NT Workstation 4.0 SP6
-
Microsoft Windows NT Workstation 4.0 SP6
-
Microsoft Windows NT Workstation 4.0 SP5
-
Microsoft Windows NT Workstation 4.0 SP5
-
Microsoft Windows NT Workstation 4.0 SP5
-
Microsoft Windows NT Workstation 4.0 SP4
-
Microsoft Windows NT Workstation 4.0 SP4
-
Microsoft Windows NT Workstation 4.0 SP4
-
Microsoft Windows NT Workstation 4.0 SP3
-
Microsoft Windows NT Workstation 4.0 SP3
-
Microsoft Windows NT Workstation 4.0 SP3
-
Microsoft Windows NT Workstation 4.0 SP2
-
Microsoft Windows NT Workstation 4.0 SP2
-
Microsoft Windows NT Workstation 4.0 SP2
-
Microsoft Windows NT Workstation 4.0 SP1
-
Microsoft Windows NT Workstation 4.0 SP1
-
Microsoft Windows NT Workstation 4.0 SP1
-
Microsoft Windows NT Workstation 4.0
-
Microsoft Windows NT Workstation 4.0
-
Microsoft Windows NT Workstation 4.0
Microsoft Internet Explorer 5.0 for Windows NT 4
+
Microsoft Windows NT 4.0
+
Microsoft Windows NT 4.0
Microsoft Internet Explorer 5.0 for Windows 98
+
Microsoft Windows 98
+
Microsoft Windows 98
Microsoft Internet Explorer 5.0 for Windows 95
+
Microsoft Windows 95
+
Microsoft Windows 95
Microsoft Internet Explorer 5.0 for Windows 2000
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Professional
Microsoft Internet Explorer 4.0 for Windows NT 4
+
Microsoft Windows NT 4.0
+
Microsoft Windows NT 4.0
Microsoft Internet Explorer 4.0 for Windows NT 3
-
Microsoft Windows NT 3.5.1
-
Microsoft Windows NT 3.5.1
Microsoft Internet Explorer 4.0 for Windows 95
+
Microsoft Windows 95
+
Microsoft Windows 95
Microsoft Internet Explorer 4.0
-
Microsoft Windows 2000 Advanced Server SP2
-
Microsoft Windows 2000 Advanced Server SP2
-
Microsoft Windows 2000 Advanced Server SP2
-
Microsoft Windows 2000 Advanced Server SP2
-
Microsoft Windows 2000 Advanced Server SP1
-
Microsoft Windows 2000 Advanced Server SP1
-
Microsoft Windows 2000 Advanced Server SP1
-
Microsoft Windows 2000 Advanced Server SP1
-
Microsoft Windows 2000 Advanced Server
-
Microsoft Windows 2000 Advanced Server
-
Microsoft Windows 2000 Advanced Server
-
Microsoft Windows 2000 Advanced Server
-
Microsoft Windows 2000 Datacenter Server SP2
-
Microsoft Windows 2000 Datacenter Server SP2
-
Microsoft Windows 2000 Datacenter Server SP2
-
Microsoft Windows 2000 Datacenter Server SP2
-
Microsoft Windows 2000 Datacenter Server SP1
-
Microsoft Windows 2000 Datacenter Server SP1
-
Microsoft Windows 2000 Datacenter Server SP1
-
Microsoft Windows 2000 Datacenter Server SP1
-
Microsoft Windows 2000 Datacenter Server
-
Microsoft Windows 2000 Datacenter Server
-
Microsoft Windows 2000 Datacenter Server
-
Microsoft Windows 2000 Datacenter Server
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Server SP2
-
Microsoft Windows 2000 Server SP2
-
Microsoft Windows 2000 Server SP2
-
Microsoft Windows 2000 Server SP2
-
Microsoft Windows 2000 Server SP1
-
Microsoft Windows 2000 Server SP1
-
Microsoft Windows 2000 Server SP1
-
Microsoft Windows 2000 Server SP1
-
Microsoft Windows 2000 Server
-
Microsoft Windows 2000 Server
-
Microsoft Windows 2000 Server
-
Microsoft Windows 2000 Server
-
Microsoft Windows 95
-
Microsoft Windows 95
-
Microsoft Windows 95
-
Microsoft Windows 95
+
Microsoft Windows 98
+
Microsoft Windows 98
+
Microsoft Windows 98
-
Microsoft Windows ME
-
Microsoft Windows ME
-
Microsoft Windows ME
-
Microsoft Windows ME
-
Microsoft Windows NT Enterprise Server 4.0 SP6a
-
Microsoft Windows NT Enterprise Server 4.0 SP6a
-
Microsoft Windows NT Enterprise Server 4.0 SP6a
-
Microsoft Windows NT Enterprise Server 4.0 SP6a
-
Microsoft Windows NT Enterprise Server 4.0 SP6
-
Microsoft Windows NT Enterprise Server 4.0 SP6
-
Microsoft Windows NT Enterprise Server 4.0 SP6
-
Microsoft Windows NT Enterprise Server 4.0 SP6
-
Microsoft Windows NT Enterprise Server 4.0 SP5
-
Microsoft Windows NT Enterprise Server 4.0 SP5
-
Microsoft Windows NT Enterprise Server 4.0 SP5
-
Microsoft Windows NT Enterprise Server 4.0 SP5
-
Microsoft Windows NT Enterprise Server 4.0 SP4
-
Microsoft Windows NT Enterprise Server 4.0 SP4
-
Microsoft Windows NT Enterprise Server 4.0 SP4
-
Microsoft Windows NT Enterprise Server 4.0 SP4
-
Microsoft Windows NT Enterprise Server 4.0 SP3
-
Microsoft Windows NT Enterprise Server 4.0 SP3
-
Microsoft Windows NT Enterprise Server 4.0 SP3
-
Microsoft Windows NT Enterprise Server 4.0 SP3
-
Microsoft Windows NT Enterprise Server 4.0 SP2
-
Microsoft Windows NT Enterprise Server 4.0 SP2
-
Microsoft Windows NT Enterprise Server 4.0 SP2
-
Microsoft Windows NT Enterprise Server 4.0 SP2
-
Microsoft Windows NT Enterprise Server 4.0 SP1
-
Microsoft Windows NT Enterprise Server 4.0 SP1
-
Microsoft Windows NT Enterprise Server 4.0 SP1
-
Microsoft Windows NT Enterprise Server 4.0 SP1
-
Microsoft Windows NT Enterprise Server 4.0
-
Microsoft Windows NT Enterprise Server 4.0
-
Microsoft Windows NT Enterprise Server 4.0
-
Microsoft Windows NT Enterprise Server 4.0
-
Microsoft Windows NT Server 4.0 SP6a
-
Microsoft Windows NT Server 4.0 SP6a
-
Microsoft Windows NT Server 4.0 SP6a
-
Microsoft Windows NT Server 4.0 SP6a
-
Microsoft Windows NT Server 4.0 SP6
-
Microsoft Windows NT Server 4.0 SP6
-
Microsoft Windows NT Server 4.0 SP6
-
Microsoft Windows NT Server 4.0 SP6
-
Microsoft Windows NT Server 4.0 SP5
-
Microsoft Windows NT Server 4.0 SP5
-
Microsoft Windows NT Server 4.0 SP5
-
Microsoft Windows NT Server 4.0 SP5
-
Microsoft Windows NT Server 4.0 SP4
-
Microsoft Windows NT Server 4.0 SP4
-
Microsoft Windows NT Server 4.0 SP4
-
Microsoft Windows NT Server 4.0 SP4
-
Microsoft Windows NT Server 4.0 SP3
-
Microsoft Windows NT Server 4.0 SP3
-
Microsoft Windows NT Server 4.0 SP3
-
Microsoft Windows NT Server 4.0 SP3
-
Microsoft Windows NT Server 4.0 SP2
-
Microsoft Windows NT Server 4.0 SP2
-
Microsoft Windows NT Server 4.0 SP2
-
Microsoft Windows NT Server 4.0 SP2
-
Microsoft Windows NT Server 4.0 SP1
-
Microsoft Windows NT Server 4.0 SP1
-
Microsoft Windows NT Server 4.0 SP1
-
Microsoft Windows NT Server 4.0 SP1
-
Microsoft Windows NT Server 4.0
-
Microsoft Windows NT Server 4.0
-
Microsoft Windows NT Server 4.0
-
Microsoft Windows NT Server 4.0
-
Microsoft Windows NT Terminal Server 4.0 SP6a
-
Microsoft Windows NT Terminal Server 4.0 SP6a
-
Microsoft Windows NT Terminal Server 4.0 SP6a
-
Microsoft Windows NT Terminal Server 4.0 SP6
-
Microsoft Windows NT Terminal Server 4.0 SP6
-
Microsoft Windows NT Terminal Server 4.0 SP6
-
Microsoft Windows NT Terminal Server 4.0 SP6
-
Microsoft Windows NT Terminal Server 4.0 SP5
-
Microsoft Windows NT Terminal Server 4.0 SP5
-
Microsoft Windows NT Terminal Server 4.0 SP5
-
Microsoft Windows NT Terminal Server 4.0 SP5
-
Microsoft Windows NT Terminal Server 4.0 SP4
-
Microsoft Windows NT Terminal Server 4.0 SP4
-
Microsoft Windows NT Terminal Server 4.0 SP4
-
Microsoft Windows NT Terminal Server 4.0 SP4
-
Microsoft Windows NT Terminal Server 4.0 SP3
-
Microsoft Windows NT Terminal Server 4.0 SP3
-
Microsoft Windows NT Terminal Server 4.0 SP3
-
Microsoft Windows NT Terminal Server 4.0 SP3
-
Microsoft Windows NT Terminal Server 4.0 SP2
-
Microsoft Windows NT Terminal Server 4.0 SP2
-
Microsoft Windows NT Terminal Server 4.0 SP2
-
Microsoft Windows NT Terminal Server 4.0 SP2
-
Microsoft Windows NT Terminal Server 4.0 SP1
-
Microsoft Windows NT Terminal Server 4.0 SP1
-
Microsoft Windows NT Terminal Server 4.0 SP1
-
Microsoft Windows NT Terminal Server 4.0 SP1
-
Microsoft Windows NT Terminal Server 4.0 alpha
-
Microsoft Windows NT Terminal Server 4.0 alpha
-
Microsoft Windows NT Terminal Server 4.0 alpha
-
Microsoft Windows NT Terminal Server 4.0 alpha
-
Microsoft Windows NT Terminal Server 4.0
-
Microsoft Windows NT Terminal Server 4.0
-
Microsoft Windows NT Terminal Server 4.0
-
Microsoft Windows NT Terminal Server 4.0
-
Microsoft Windows NT Workstation 4.0 SP6a
-
Microsoft Windows NT Workstation 4.0 SP6a
-
Microsoft Windows NT Workstation 4.0 SP6a
-
Microsoft Windows NT Workstation 4.0 SP6a
-
Microsoft Windows NT Workstation 4.0 SP6
-
Microsoft Windows NT Workstation 4.0 SP6
-
Microsoft Windows NT Workstation 4.0 SP6
-
Microsoft Windows NT Workstation 4.0 SP6
-
Microsoft Windows NT Workstation 4.0 SP5
-
Microsoft Windows NT Workstation 4.0 SP5
-
Microsoft Windows NT Workstation 4.0 SP5
-
Microsoft Windows NT Workstation 4.0 SP5
-
Microsoft Windows NT Workstation 4.0 SP4
-
Microsoft Windows NT Workstation 4.0 SP4
-
Microsoft Windows NT Workstation 4.0 SP4
-
Microsoft Windows NT Workstation 4.0 SP4
-
Microsoft Windows NT Workstation 4.0 SP3
-
Microsoft Windows NT Workstation 4.0 SP3
-
Microsoft Windows NT Workstation 4.0 SP3
-
Microsoft Windows NT Workstation 4.0 SP3
-
Microsoft Windows NT Workstation 4.0 SP2
-
Microsoft Windows NT Workstation 4.0 SP2
-
Microsoft Windows NT Workstation 4.0 SP2
-
Microsoft Windows NT Workstation 4.0 SP2
-
Microsoft Windows NT Workstation 4.0 SP1
-
Microsoft Windows NT Workstation 4.0 SP1
-
Microsoft Windows NT Workstation 4.0 SP1
-
Microsoft Windows NT Workstation 4.0
-
Microsoft Windows NT Workstation 4.0
-
Microsoft Windows NT Workstation 4.0
-
Microsoft Windows NT Workstation 4.0
Not Vulnerable:
Discussion
Microsoft IE SSL Certificates Vulnerability
It is possible for a malicious website to establish an SSL connection to an Internet Explorer client with a forged certificate representing itself to be from a trusted site. Due to a flaw in the implementation of SSL certificate checks within Internet Explorer, not all contents of the certificate are verified when the connection is established from within an IFRAME. Once an SSL connection has been successfully established with a server, new SSL sessions with that server within the same browsing session are established without any certificate verification .
Solution / Fix
Microsoft IE SSL Certificates Vulnerability
Solution:
Microsoft has released a patch which rectifies this issue: