Summary
Hotfix to fix Certificate Validation Flaw (Q329115) is not installed.
The vulnerability could enable an attacker who had a valid end-entity certificate to issue a
subordinate certificate that, although bogus,
would nevertheless pass validation. Because
CryptoAPI is used by a wide range of applications, this could enable a variety of identity spoofing
attacks.
Impact of vulnerability: Identity spoofing.
Maximum Severity Rating: Critical
Recommendation: Administrators should install the patch immediately.
Affected Software:
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Me
Microsoft Windows NT 4.0
Microsoft Windows NT 4.0, Terminal Server Edition Microsoft Windows 2000
Microsoft Windows XP
Microsoft Office for Mac
Microsoft Internet Explorer for Mac
Microsoft Outlook Express for Mac
See
http://www.microsoft.com/technet/security/bulletin/ms02-050.mspx
Severity
Classification
-
CVE CVE-2002-0862, CVE-2002-1183 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Microsoft Active Accessibility Remote Code Execution Vulnerability (2623699)
- Microsoft .NET Framework Remote Code Execution Vulnerability (2706726)
- Buffer Overrun in Messenger Service (828035)
- Microsoft .NET Framework Remote Code Execution Vulnerability (3000414)
- Microsoft IIS FTP Server 'Malformed FTP List Request' DOS Vulnerability