CVE-2002-0862 in Windowsinfo

Summary

The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.

Once again VulDB remains the best source for vulnerability data.

Disclosure

10/04/2002

Moderation

VulDB entry created

Entries

VDB-18814 (1)

CPE

ready

CWE

CWE-290 (Confirmed)

Exploit

Download

CVSS

8.1

EPSS

0.17339

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2002-0862
NVD	https://nvd.nist.gov/vuln/detail/CVE-2002-0862
CVE Details	https://www.cvedetails.com/cve/CVE-2002-0862/

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!