PT-2002-1876 · Microsoft · Outlook Express For Mac+3

Published: 2002-09-10 · Updated: 2024-02-09 · CVE-2002-0862

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions:
Microsoft Windows versions 98 through XP
Office for Mac (affected versions not specified)
Internet Explorer for Mac (affected versions not specified)
Outlook Express for Mac (affected versions not specified)

Description: The issue concerns the CryptoAPI within Microsoft products, where the CertGetCertificateChain, CertVerifyCertificateChainPolicy, and WinVerifyTrust APIs do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates. This allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions.
Recommendations: For Microsoft Windows versions 98 through XP, update to a version that includes the fix for this issue. For Office for Mac, restrict access to SSL sessions until a patch is available. For Internet Explorer for Mac, avoid using SSL sessions until the issue is resolved. For Outlook Express for Mac, consider disabling the use of X.509 certificates until a fix is provided. As a temporary workaround, consider restricting SSL sessions to minimize the risk of exploitation.
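
The Basic Constraints check named in the description, shown as an added example that is not part of the original advisory and is not CryptoAPI code. It uses a simplified certificate model with constructed names, assumes all signatures are already valid, and contrasts a linkage-only check with one that also enforces Basic Constraints on every issuing certificate.

```python
from dataclasses import dataclass
from typing import List, Optional, Set

@dataclass
class Cert:
    # Simplified model of an X.509 certificate (assumption: signatures valid).
    subject: str
    issuer: str
    is_ca: bool = False              # Basic Constraints cA flag
    path_len: Optional[int] = None   # Basic Constraints pathLenConstraint

def names_chain(chain: List[Cert], trusted_roots: Set[str]) -> bool:
    """Incomplete check: subject/issuer linkage up to a trusted root only."""
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            return False
    return chain[-1].subject in trusted_roots

def validate_chain(chain: List[Cert], trusted_roots: Set[str]) -> bool:
    """Linkage plus Basic Constraints on every certificate used as an issuer."""
    if not names_chain(chain, trusted_roots):
        return False
    # chain[0] is the leaf; chain[i] (i >= 1) issued chain[i - 1].
    for i, issuer in enumerate(chain[1:], start=1):
        if not issuer.is_ca:
            return False  # end-entity certificate used as an issuer
        intermediates_below = i - 1  # the leaf itself is not counted
        if issuer.path_len is not None and intermediates_below > issuer.path_len:
            return False  # pathLenConstraint exceeded
    return True

# Constructed sample data (hypothetical names).
ROOTS = {"CN=Example Root CA"}
root = Cert("CN=Example Root CA", "CN=Example Root CA", is_ca=True)
inter = Cert("CN=Example Issuing CA", "CN=Example Root CA", is_ca=True, path_len=0)
site = Cert("CN=www.example.test", "CN=Example Issuing CA")
# An ordinary end-entity certificate appearing as the issuer of another one.
ee = Cert("CN=other.example.test", "CN=Example Issuing CA", is_ca=False)
spoof = Cert("CN=www.example.test", "CN=other.example.test")

GOOD_CHAIN = [site, inter, root]
BAD_CHAIN = [spoof, ee, inter, root]

if __name__ == "__main__":
    for name, chain in (("good", GOOD_CHAIN), ("bad", BAD_CHAIN)):
        print(name, names_chain(chain, ROOTS), validate_chain(chain, ROOTS))
```

The linkage-only check accepts both chains; the check that enforces Basic Constraints accepts only the first.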

Exploit

Fix

Improper Certificate Validation

Weakness Enumeration

Related Identifiers

CVE-2002-0862

Affected Products

Internet Explorer For Mac
Office For Mac
Outlook Express For Mac
Windows