First published: Tue Sep 10 2002(Updated: )
The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Outlook Express | =5.0 | |
KDE Konqueror | =3.0.2 | |
Microsoft Ie For Macintosh | =5.1 | |
Microsoft Office | =2001-sr1 | |
Microsoft Internet Information Services | =5.0 | |
KDE Konqueror | =2.2.2 | |
KDE Konqueror | =3.0 | |
Microsoft Outlook Express | =5.0 | |
KDE Konqueror | =3.0.1 | |
Adam Megacz Tinyssl | =1.0.2 | |
Microsoft Outlook Express | =5.0.2 | |
Microsoft Office | =2001 | |
Microsoft Office | =98 | |
Microsoft Ie For Macintosh | =5.1.1 | |
Microsoft Office | =v.x | |
Microsoft Outlook Express | =4.5 | |
Microsoft Outlook Express | =5.0.3 | |
Microsoft Outlook Express | =5.0.1 | |
Microsoft Ie For Macintosh | =5.0 | |
Microsoft Internet Explorer | =5.5-sp2 | |
Microsoft Internet Explorer | =5.0 | |
Microsoft Internet Explorer | =5.0.1 | |
Microsoft Internet Explorer | =5.0.1-sp2 | |
Microsoft Internet Explorer | =5.0.1-sp1 | |
Microsoft Internet Explorer | =5.5 | |
Microsoft Internet Explorer | =5.5-sp1 | |
Microsoft Internet Explorer | =6.0 | |
KDE KDE | =2.2.1 | |
Microsoft Windows NT | =4.0 | |
Microsoft Windows NT | =4.0-sp4 | |
Microsoft Windows 2000 Terminal Services | =sp1 | |
KDE KDE | =3.0.2 | |
Baltimore Technologies Mailsecure | ||
Microsoft Windows NT | =4.0-sp2 | |
Microsoft Windows NT | =4.0 | |
Microsoft Windows NT | =4.0-sp5 | |
Microsoft Windows XP | =gold | |
Microsoft Windows 2000 | ||
Microsoft Windows NT | =4.0-sp6 | |
Microsoft Windows XP | ||
Microsoft Windows NT | =4.0-sp6 | |
KDE KDE | =3.0.1 | |
Microsoft Windows NT | =4.0-sp6a | |
Microsoft Windows NT | =4.0-sp1 | |
Microsoft Windows 98SE | ||
Microsoft Windows NT | =4.0-sp2 | |
Microsoft Windows 2000 | =sp2 | |
Microsoft Windows NT | =4.0-sp1 | |
Microsoft Windows NT | =4.0-sp4 | |
Microsoft Windows NT | =4.0-sp3 | |
Microsoft Windows NT | =4.0-sp4 | |
Microsoft Windows 2000 Terminal Services | =sp3 | |
Microsoft Windows NT | =4.0-sp6a | |
KDE KDE | =3.0 | |
Microsoft Windows NT | =4.0 | |
Microsoft Windows NT | =4.0-sp6a | |
Microsoft Windows NT | =4.0-sp6 | |
Microsoft Windows NT | =4.0-sp1 | |
Microsoft Windows 2000 | =sp1 | |
Microsoft Windows XP | ||
KDE KDE | =2.2.2 | |
Microsoft Windows Me | ||
Microsoft Windows NT | =4.0-sp2 | |
Microsoft Windows NT | =4.0-sp5 | |
Microsoft Windows NT | =4.0-sp3 | |
Microsoft Windows 2000 Terminal Services | ||
Microsoft Windows NT | =4.0-sp3 | |
Microsoft Windows NT | =4.0-sp5 | |
Microsoft Windows 98 | =gold | |
Microsoft Windows 2000 Terminal Services | =sp2 | |
Microsoft Windows XP | =gold | |
Microsoft Windows 2000 | =sp3 | |
Microsoft Windows 2000 | ||
Microsoft Windows 98 | ||
Microsoft Windows 98SE | ||
Microsoft Windows Me | ||
Microsoft Windows NT | =4.0 | |
Microsoft Windows NT | =4.0 | |
Microsoft Windows XP | ||
All of | ||
Any of | ||
Microsoft Internet Explorer | ||
Microsoft Office | ||
Microsoft Outlook Express | ||
Apple macOS |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.