CVE-2002-2125
medium
Microsoft CVSS v3 Base Score
6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N
EPSS Score
2.2%
Exploitation probability in 30 days
Top 15% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
None
Published: December 31, 2002 (8535 days ago)
Last Modified: April 16, 2026
Vendor: Microsoft
Source: NVD
Vulnerability Report
Generated by CyberWatcher
Description
Internet Explorer 6.0 does not warn users when an expired certificate authority (CA) certificate is submitted to the user and a newer CA certificate is in the user's local repository, which could allow remote attackers to decrypt web sessions via a man-in-the-middle (MITM) attack.
CWE
NVD-CWE-OtherAffected Products
microsoft iemicrosoft internet explorer