CVE-2002-1183

Microsoft Windows 98 and Windows NT 4.0 - Remote Code Execution via Certificate Validation Flaw

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1183. PoCs published by Mike Benham.

AI-analyzed exploit summary The writeup describes a vulnerability in X.509 certificate handling by multiple products, including Microsoft Internet Explorer and KDE's Konqueror, where intermediate certificates lacking the Basic Constraints field can be exploited to spoof domains or perform man-in-the-middle attacks.

Description

Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to execute code, aka "New Variant of Certificate Validation Flaw Could Enable Identity Spoofing" (CAN-2002-0862).

Exploits (1)

exploitdb WRITEUP VERIFIED
by Mike Benham · textremotewindows
https://www.exploit-db.com/exploits/21692

The writeup describes a vulnerability in X.509 certificate handling by multiple products, including Microsoft Internet Explorer and KDE's Konqueror, where intermediate certificates lacking the Basic Constraints field can be exploited to spoof domains or perform man-in-the-middle attacks.

Classification
Writeup 100%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Theoretical
Target: Microsoft Internet Explorer, KDE Konqueror (versions 3.0.2 and earlier), IIS 5.0 under Windows 2000
No auth needed
Prerequisites: A valid certificate to sign a new certificate for an arbitrary domain
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/9776
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5410
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2108
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1455
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1059

Scores

EPSS 0.1934
EPSS Percentile 97.0%

Details

Status published
Products (3)
microsoft/windows_98
microsoft/windows_98se
microsoft/windows_nt 4.0
Published Dec 11, 2002
Tracked Since Feb 18, 2026