MS02-048: Flaw in Certificate Enrollment Control Could Allow Deletion of Digital Certificates (323172)
Medium Nessus Plugin ID 11144
SynopsisIt is possible to delete digital certificates on the remote host.
DescriptionThe remote host contains a version of the Certificate Enrollment control that may allow an attacker to delete certificates.
To exploit this vulnerability an attacker must create a rogue web server with SSL and lure the user to visit this site.
SolutionMicrosoft has released a set of patches for Windows NT, 2000 and XP.