CVE-2013-1451

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 8 and 9

Description The issue allows remote attackers to spoof web sites via a crafted HTML document. This is achieved by triggering many HTTPS requests to an arbitrary host, followed by an HTTPS request to a trusted host and then an HTTP request to an untrusted host. The problem arises when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, causing inconsistency in the SSL lock icon with the Address bar.

Recommendations For Microsoft Internet Explorer versions 8 and 9, consider configuring the Proxy Settings to have distinct Proxy address and Port values in the HTTP and Secure rows to minimize the risk of exploitation. As a temporary workaround, users should be cautious of the SSL lock icon consistency with the Address bar when browsing websites.