CVE-2002-1183
Microsoft Windows 98 and Windows NT 4.0 - Remote Code Execution via Certificate Validation Flaw
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2002-1183. PoCs published by Mike Benham.
AI-analyzed exploit summary The writeup describes a vulnerability in X.509 certificate handling by multiple products, including Microsoft Internet Explorer and KDE's Konqueror, where intermediate certificates lacking the Basic Constraints field can be exploited to spoof domains or perform man-in-the-middle attacks.
Description
Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to execute code, aka "New Variant of Certificate Validation Flaw Could Enable Identity Spoofing" (CAN-2002-0862).
Exploits (1)
The writeup describes a vulnerability in X.509 certificate handling by multiple products, including Microsoft Internet Explorer and KDE's Konqueror, where intermediate certificates lacking the Basic Constraints field can be exploited to spoof domains or perform man-in-the-middle attacks.