CVE-2002-0862

Published: Oct 4, 2002Modified: Apr 16, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.

Affected (10)

Products: Microsoft: Windows 2000, Windows 98, Windows 98se, Windows Me, Windows Nt, Windows Xp, Internet Explorer, Office, Outlook Express

9 products

Internet Explorer

Outlook Express

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows 2000	All versions
Microsoft Windows 98	All versions
Microsoft Windows 98se	All versions
Microsoft Windows Me	All versions
Microsoft Windows Nt	Version 4.0
Microsoft Windows Nt	Version 4.0
Microsoft Windows Xp	All versions

Configuration B

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	All versions
Microsoft Office	All versions
Microsoft Outlook Express	All versions

Running on/with	Platform Versions
Apple Macos	All versions

Related CWEs

Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

References (16)

http://marc.info/?l=bugtraq&m=102866120821995&w=2

Source: cve@mitre.org

Mailing List

http://marc.info/?l=bugtraq&m=102918200405308&w=2

Source: cve@mitre.org

Mailing List

http://marc.info/?l=bugtraq&m=102976967730450&w=2

Source: cve@mitre.org

Mailing List

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-050

Source: cve@mitre.org

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/9776

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1056

Source: cve@mitre.org

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1332

Source: cve@mitre.org

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2671

Source: cve@mitre.org

Broken Link

http://marc.info/?l=bugtraq&m=102866120821995&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

http://marc.info/?l=bugtraq&m=102918200405308&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

http://marc.info/?l=bugtraq&m=102976967730450&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-050

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/9776

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1056

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1332

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2671

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.