Summary
Hotfix to fix Certificate Validation Flaw (Q329115) is not installed.
The vulnerability could enable an attacker who had a valid end-entity certificate to issue a
subordinate certificate that, although bogus,
would nevertheless pass validation. Because
CryptoAPI is used by a wide range of applications, this could enable a variety of identity spoofing
attacks.
Impact of vulnerability: Identity spoofing.
Maximum Severity Rating: Critical
Recommendation: Administrators should install the patch immediately.
Affected Software:
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Me
Microsoft Windows NT 4.0
Microsoft Windows NT 4.0, Terminal Server Edition Microsoft Windows 2000
Microsoft Windows XP
Microsoft Office for Mac
Microsoft Internet Explorer for Mac
Microsoft Outlook Express for Mac
See
http://www.microsoft.com/technet/security/bulletin/ms02-050.mspx
Severity
Classification
-
CVE CVE-2002-0862, CVE-2002-1183 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Microsoft Data Access Components Remote Code Execution Vulnerabilities (2560656)
- Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)
- Microsoft IIS FTP Server 'Malformed FTP List Request' DOS Vulnerability
- Microsoft DirectShow Remote Code Execution Vulnerability (2845187)
- Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (972270)