Windows, IE: incorrect validation of X.509
Synthesis of the vulnerability
An attacker can invite the victim to connect to a SSL site using a X.509 certificate with a malicious field, in order to deceive the victim.

Impacted products

• Microsoft Internet Explorer versions
• Microsoft Windows 2000 versions
• Microsoft Windows 2003 versions
• Microsoft Windows 2008 versions
• Microsoft Windows 7 versions
• Microsoft Windows Vista versions
• Microsoft Windows XP versions

http://vigilance.fr/vulnerability/Windows-...n-of-X-509-9060