CVE-2002-1183

Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to execute code, aka "New Variant of Certificate Validation Flaw Could Enable Identity Spoofing" (CAN-2002-0862).

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/5410	Exploit Patch Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-050
https://exchange.xforce.ibmcloud.com/vulnerabilities/9776
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1059
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1455
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2108
http://www.securityfocus.com/bid/5410	Exploit Patch Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-050
https://exchange.xforce.ibmcloud.com/vulnerabilities/9776
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1059
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1455
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2108

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:microsoft:windows_98::gold::::::*
	cpe:2.3:o:microsoft:windows_98se::::::::
	cpe:2.3:o:microsoft:windows_nt:4.0:::::::*

History

No history.

Information

Published : 2002-12-11 05:00

Updated : 2025-04-03 01:03

NVD link : CVE-2002-1183

Mitre link : CVE-2002-1183

CVE.ORG link : CVE-2002-1183

JSON object : View

Products Affected

microsoft

windows_nt
windows_98
windows_98se

CWE

NVD-CWE-Other

{"id": "CVE-2002-1183", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2002-12-11T05:00:00.000", "references": [{"url": "http://www.securityfocus.com/bid/5410", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-050", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9776", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1059", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1455", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2108", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/5410", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-050", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9776", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1059", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1455", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2108", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to execute code, aka \"New Variant of Certificate Validation Flaw Could Enable Identity Spoofing\" (CAN-2002-0862)."}, {"lang": "es", "value": "Microsoft Windows 98 y Windows NT 4.0 no verifican las Restricciones B\u00e1sicas de certificados digitales, permitiendo a atacantes remotos ejecutar c\u00f3digo, tambi\u00e9n conocida como \"Nueva Variante de Fallo en Validaci\u00f3n de Certificado Podr\u00eda Permitir Suplantaci\u00f3n de Identidad\" (CAN-2002-0862)."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D3B703C-79B2-4FA2-9E12-713AB977A880"}, {"criteria": "cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA733AD2-D948-46A0-A063-D29081A56F1F"}, {"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E53CDA8E-50A8-4509-B070-CCA5604FFB21"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}