VULHUB ™

It is reported that Microsoft Windows 2000/XP does not verify the integrity of CRL (Certificate Revocation Lists) files prior to accepting them as valid. A local attacker, who has sufficient privileges to write to a CRL file, may exploit this vulnerability to deny X.509 based services to legitimate users. This BID will be updated as further analysis of this vulnerability is completed.

It is reported that Microsoft Windows 2000/XP does not verify the integrity of CRL (Certificate Revocation Lists) files prior to accepting them as valid. A local attacker, who has sufficient privileges to write to a CRL file, may exploit this vulnerability to deny X.509 based services to legitimate users. This BID will be updated as further analysis of this vulnerability is completed.