Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-1183 — Microsoft Windows NT vulnerability

4 documents4 sources

Severity

7.5HIGHNVD

EPSS

11.9%

top 6.23%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Windows NT

Timeline

PublishedDec 11

Latest updateApr 30

Description

Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to execute code, aka "New Variant of Certificate Validation Flaw Could Enable Identity Spoofing" (CAN-2002-0862).

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDmicrosoft/windows_nt4.0

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-c4v9-9c8q-335m: Microsoft Windows 98 and Windows NT 4↗2022-04-30

▶

CVEList

CVE-2002-1183: Microsoft Windows 98 and Windows NT 4↗2004-09-01

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Internet Explorer 5/6 / Konqueror 2.2.2/3.0 / Weblogic Server 5/6/7 - Invalid X.509 Certificate Chain↗2002-08-06

▶