PT-2014-1489 · Microsoft · Internet Explorer

Eric Lawrence · Published 2014-07-08 · Updated 2018-10-12 · CVE-2014-2783

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Microsoft Internet Explorer versions 7 through 11

Description

The issue stems from improper enforcement of the Extended Validation (EV) SSL Certificate guidelines, which disallow the use of wildcard certificates. A remote attacker could spoof a trust level by leveraging a wildcard certificate improperly issued by a recognized Certification Authority, thereby bypassing the EV SSL certificate guidelines. EV SSL certificates that Certificate Authorities (CAs) issue in compliance with the EV SSL Certificate guidelines cannot be used to exploit this issue.

Recommendations

For Microsoft Internet Explorer versions 7 through 11, consider disabling the use of wildcard EV SSL certificates as a temporary workaround until a patch is available. Restrict access to websites that use wildcard certificates to minimize the risk of exploitation. Avoid relying solely on EV SSL certificate guidelines for trust validation until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

Related Identifiers

BDU:2015-00477
CVE-2014-2783

Affected Products

Internet Explorer