Vulnerability Description
The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2000 | - |
| Microsoft | Windows 98 | - |
| Microsoft | Windows 98SE | - |
| Microsoft | Windows Me | - |
| Microsoft | Windows NT | 4.0 |
| Microsoft | Windows XP | - |
| Microsoft | Internet Explorer | - |
| Microsoft | Office | - |
| Microsoft | Outlook Express | - |
| Apple | macOS | - |
Related Weaknesses (CWE)
References
- http://marc.info/?l=bugtraq&m=102866120821995&w=2 (Mailing List)
- http://marc.info/?l=bugtraq&m=102918200405308&w=2 (Mailing List)
- http://marc.info/?l=bugtraq&m=102976967730450&w=2 (Mailing List)
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-05 (Patch, Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/9776 (Third Party Advisory, VDB Entry)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3 (Broken Link)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3 (Broken Link)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3 (Broken Link)
FAQ
What is CVE-2002-0862?
CVE-2002-0862 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac...
How severe is CVE-2002-0862?
CVE-2002-0862 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0862?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000, Microsoft Windows 98, Microsoft Windows 98SE, Microsoft Windows Me, Microsoft Windows NT.