Summary
A vulnerability in the Certificate Enrollment
ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to delete digital certificates on a user's system
via HTML.
Impact of vulnerability: Denial of service
Maximum Severity Rating: Critical
Recommendation: Customers should install the patch immediately
Affected Software:
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium
Microsoft Windows NT 4.0
Microsoft Windows 2000
Microsoft Windows XP
See
http://www.microsoft.com/technet/security/bulletin/ms02-048.mspx
Severity
Classification
-
CVE CVE-2002-0699 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Active Directory Certificate Services Web Enrollment Elevation of Privilege Vulnerability (2518295)
- IE VBScript Handling patch (Q318089)
- Microsoft .NET Framework XML HMAC Truncation Vulnerability (981343)
- Microsoft Windows Defender Privilege Elevation Vulnerability (2847927)
- Microsoft SQL Server Elevation of Privilege Vulnerability (2984340) - Remote