oval:org.mitre.oval:def:2671

Definition Id: oval:org.mitre.oval:def:2671

Oval ID:	oval:org.mitre.oval:def:2671
Title:	Windows 2000 Certificate Validation Identity Spoofing Vulnerability (Test 2)
Description:	The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2002-0862	Version:	6
Platform(s):	Microsoft Windows 2000	Product(s):	Certificate Validation
Definition Synopsis:
Windows 2000 (sp3 or earlier) is installed Windows 2000 is installed AND NOT Win2K/XP/2003 service pack 4 (or later) is installed AND the version of cryptdlg.dll is less then 5.0.1558.6072 AND NOT the patch Q329115 is installed AND NOT the patch kb835732 is installed