Certificate Spoofing Vulnerability in Microsoft CryptoAPI and Related Products
CVE-2002-0862

Currently unrated

Key Information:

Vendor: Microsoft
Status: Outlook Express; Konqueror; Ie For Macintosh; Office
Vendor: CVE Published:; 4 October 2002

Summary

The vulnerability in Microsoft's CryptoAPI arises from the improper verification of the Basic Constraints of intermediate CA-signed X.509 certificates. This flaw affects various Microsoft products, including Windows 98, Windows XP, Office for Mac, and Internet Explorer and Outlook Express for Mac. Attackers could exploit this weakness to perform man-in-the-middle attacks, allowing them to spoof certificates for trusted sites during SSL sessions, which can compromise sensitive data and user privacy.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://marc.info/?l=bugtraq&m=102918200405308&w=2

mailing-listx_refsource_BUGTRAQ

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

20% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 4, 2002
Vulnerability Reserved
Aug 15, 2002