Vulnerability Name: | CCN-6265 |
Published: | 2001-03-22 |
Updated: | 2001-03-22 |
Summary: | VeriSign, Inc. has issued two digital certificates identified as Microsoft certificates to a person posing as a Microsoft employee. These certificates can be used to digitally sign programs, such as ActiveX controls and Office macros, using the name "Microsoft Corporation". An attacker could use these certificates for social engineering, for example by using one of the invalid digital signatures to persuade victims that a malicious program is an official Microsoft program so that they run it. |
CVSS v3 Severity: | |
CVSS v2 Severity: | |
Vulnerability Consequences: | Other |
References: |
Source: CCN Type: McAfee Virus Summary Invalid Certificate
Source: CCN Type: CERT Advisory CA-2001-04 Unauthentic "Microsoft Corporation" Certificates
Source: CCN Type: CIAC Information Bulletin L-062 Erroneous Verisign-Issued Digital Certificates for Microsoft
Source: CCN Type: US-CERT VU#869360 Unauthentic Microsoft Corporation certificates issued by Verisign to an unidentified person
Source: CCN Type: Microsoft Security Bulletin MS01-017 Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard
Source: CCN Type: Microsoft Security Bulletin MS01-033 Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise
Source: CCN Type: Microsoft Security Bulletin MS01-041 Malformed RPC Request Can Cause Service Failure
Source: CCN Type: Microsoft Security Bulletin MS01-044 15 August 2001 Cumulative Patch for IIS
Source: CCN Type: Microsoft Security Bulletin MS02-001 Trusting Domains Do Not Verify Domain Membership of SIDs in Authorization Data
Source: CCN Type: Microsoft Security Bulletin MS02-018 Cumulative Patch for Internet Information Services (Q319733)
Source: CCN Type: National Infrastructure Protection Center Advisory 01-006 Warning Not To Accept VeriSign Microsoft Digital Certificates dated January 29-30, 2001
Source: CCN Type: SonicWALL Security Alert Fraudulent Microsoft Digital Certificates
Source: CCN Type: Symantec SARC Security Alert, 23 March, 2001 Fraudulent Microsoft Digital Certificates allow potential Spoofing Hazard
Source: CCN Type: VeriSign Security Notice, March 22, 2001 VeriSign Security Alert Fraud Detected in Authenticode Code Signing Certificates
Source: XF Type: UNKNOWN microsoft-invalid-digital-certificates(6265)
Source: CCN Type: Microsoft Knowledge Base Article 293817 How to Recognize Erroneously Issued VeriSign Code-Signing Certificates |
Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable |