Test ID:	1.3.6.1.4.1.25623.1.0.900366
Category:	Windows
Title:	Microsoft Internet Explorer Web Script Execution Vulnerabilities
Summary:	Internet Explorer is prone to multiple web script execution vulnerabilities.
Description:	Summary: Internet Explorer is prone to multiple web script execution vulnerabilities. Vulnerability Insight: - Error exists while the HTTP Host header to determine the context of a document provided in a '4xx' or '5xx' CONNECT response from a proxy server, and these can be exploited by modifying the CONNECT response, aka an 'SSL tampering' attack. - Displays a cached certificate for a '4xx' or '5xx' CONNECT response page returned by a proxy server, which can be exploited by sending the browser a crafted 502 response page upon a subsequent request. Vulnerability Impact: Successful exploitation will allow attacker to execute arbitrary web script and spoof an arbitrary https site by letting a browser obtain a valid certificate. Affected Software/OS: Microsoft Internet Explorer version prior to 8.0. Solution: Upgrade to latest version. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2057 http://research.microsoft.com/apps/pubs/default.aspx?id=79323 http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf Common Vulnerability Exposure (CVE) ID: CVE-2009-2064 BugTraq ID: 35403 http://www.securityfocus.com/bid/35403 XForce ISS Database: ie-https-security-bypass(51186) https://exchange.xforce.ibmcloud.com/vulnerabilities/51186 Common Vulnerability Exposure (CVE) ID: CVE-2009-2069 BugTraq ID: 35411 http://www.securityfocus.com/bid/35411
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.