CVE-2002-0862
Summary
The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.
CVSS 2.0 breakdown
| Metric | Value |
| --- | --- |
| Base score | 6.8 (MEDIUM) |
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Attack vector | NETWORK |
| Attack complexity | MEDIUM |
| Confidentiality | PARTIAL |
| Integrity | PARTIAL |
| Availability | PARTIAL |
References
- http://marc.info/?l=bugtraq&m=102866120821995&w=2
- http://marc.info/?l=bugtraq&m=102918200405308&w=2
- http://marc.info/?l=bugtraq&m=102976967730450&w=2
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-050
- https://exchange.xforce.ibmcloud.com/vulnerabilities/9776
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1056
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1332
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2671
Data: NIST NVD. NVD last modified 2026-04-16. Always verify against the vendor advisory before acting.