CVE-2002-0862

medium Microsoft
CVSS v3 Base Score
6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS Score
17.3%
Exploitation probability in 30 days
Top 5% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
P
Availability
P
Published: October 4, 2002 (8623 days ago)
Last Modified: April 16, 2026
Vendor: Microsoft
Source: NVD

Description

The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.

CWE

CWE-295

Affected Products

microsoft windows 2000microsoft windows 98microsoft windows 98semicrosoft windows memicrosoft windows ntmicrosoft windows xpmicrosoft internet explorermicrosoft officemicrosoft outlook express

References

🔗 marc.info 🔗 marc.info 🔗 marc.info 🔗 docs.microsoft.com 🔗 exchange.xforce.ibmcloud.com