Summary
Hotfix to fix Certificate Validation Flaw (Q329115) is not installed.
The vulnerability could enable an attacker who had a valid end-entity certificate to issue a
subordinate certificate that, although bogus,
would nevertheless pass validation. Because
CryptoAPI is used by a wide range of applications, this could enable a variety of identity spoofing
attacks.
Impact of vulnerability: Identity spoofing.
Maximum Severity Rating: Critical
Recommendation: Administrators should install the patch immediately.
Affected Software:
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Me
Microsoft Windows NT 4.0
Microsoft Windows NT 4.0, Terminal Server Edition Microsoft Windows 2000
Microsoft Windows XP
Microsoft Office for Mac
Microsoft Internet Explorer for Mac
Microsoft Outlook Express for Mac
See
http://www.microsoft.com/technet/security/bulletin/ms02-050.mspx
Severity
Classification
-
CVE CVE-2002-0862, CVE-2002-1183 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulnerability (947864)
- Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)
- Cumulative Security Update for Internet Explorer (961260)
- Microsoft .NET Framework Remote Code Execution Vulnerability (2671605)
- Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability (2514842)