CVE-2002-0862

Name: CVE-2002-0862
Creator: NVD / NIST
Published: 2002-10-04T04:00:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 18.68%

Last modified Jun 16, 2026

CVE-2002-0862 is a vulnerability of currently unknown severity. The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.. EPSS estimates a 18.68% chance of exploitation in the next 30 days.

Description

The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.

Metrics

EPSS Probability

18.68%

96.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-295

Affected Software

Vendor	Product	Versions
Microsoft	Windows 2000	All versions
Microsoft	Windows 98	All versions
Microsoft	Windows 98se	All versions
Microsoft	Windows Me	All versions
Microsoft	Windows Nt	4.0
Microsoft	Windows Xp	All versions
Microsoft	Internet Explorer	All versions
Microsoft	Office	All versions
Microsoft	Outlook Express	All versions

References

http://marc.info/?l=bugtraq&m=102866120821995&w=2Mailing List
http://marc.info/?l=bugtraq&m=102918200405308&w=2Mailing List
http://marc.info/?l=bugtraq&m=102976967730450&w=2Mailing List
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-050Patch, Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/9776Third Party Advisory, VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1056Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1332Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2671Broken Link
http://marc.info/?l=bugtraq&m=102866120821995&w=2Mailing List
http://marc.info/?l=bugtraq&m=102918200405308&w=2Mailing List
http://marc.info/?l=bugtraq&m=102976967730450&w=2Mailing List
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-050Patch, Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/9776Third Party Advisory, VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1056Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1332Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2671Broken Link

Timeline

Published: Oct 4, 2002
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2002-0862?

How severe is CVE-2002-0862?

Severity scoring for CVE-2002-0862 is pending analysis. The EPSS model estimates a 18.68% probability of exploitation in the next 30 days.

How do I fix CVE-2002-0862?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2002-0862?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST