Vulnerability Details : CVE-2002-1183
Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to execute code, aka "New Variant of Certificate Validation Flaw Could Enable Identity Spoofing" (CAN-2002-0862).
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2002-1183
Probability of exploitation activity in the next 30 days: 52.41%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2002-1183
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2002-1183
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-050
Microsoft Security Bulletin MS02-050 - Important | Microsoft Learn
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1059
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1455
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/9776
Multiple vendor SSL intermediate CA-signed certificate spoofing CVE-2009-0653 Vulnerability Report
-
http://www.securityfocus.com/bid/5410
Exploit;Patch;Vendor Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2108
Products affected by CVE-2002-1183
- cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*