CVE-2002-0862

CVE Database · CVE-2002-0862

CVE-2002-0862

· N/AModified

CVSS v3.1

N/A

EPSS

15.76%

Published

Oct 4, 2002

Modified

Apr 15, 2026

Public PoC / Exploit (2)

All weaponized →

Exploit-DBMicrosoft Internet Explorer 5/6 / Konqueror 2.2.2/3.0 / Weblogic Server 5/6/7 - Invalid X.509 Certificate Chain TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.

Weaknesses (CWE)

CWE-295

Affected Products (11)

microsoft · windows_2000vulnerable

microsoft · windows_98vulnerable

microsoft · windows_98sevulnerable

microsoft · windows_mevulnerable

microsoft · windows_ntvulnerable

microsoft · windows_xpvulnerable

microsoft · internet_explorervulnerable

microsoft · officevulnerable

microsoft · outlook_expressvulnerable