Reported August 28, 2002, by Microsoft.
· Windows XP
· Windows 2000
· Windows NT 4.0
· Windows Me
· Windows 98 Second Edition (Win98SE)
· Windows 98
A vulnerability exists in all versions of Microsoft Windows that could allow a potential attacker to delete digital certificates located on a vulnerable system. This vulnerability results from a flaw in the Certificate Enrollment Control (CEC) ActiveX control that Windows uses to submit and store PKCS #10-compliant certificate requests in the user’s local certificate store. An attacker who successfully exploits the vulnerability could corrupt trusted root certificates, Encrypting File System (EFS) encryption certificates, email-signing certificates, and any other certificates on the vulnerable system.
Discovered by Microsoft.