Let [Formula: see text] be an RSA public key with private exponent [Formula: see text] where [Formula: see text] and [Formula: see text] are large primes of the same bit size. At Eurocrypt 96, Coppersmith presented a polynomial-time algorithm for finding small roots of univariate modular equations based on lattice reduction and then succussed to factorize the RSA modulus. Since then, a series of attacks on the key equation [Formula: see text] of RSA have been presented. In this paper, we show that many of such attacks can be unified in a single attack using a new notion called Coppersmith’s interval. We determine a Coppersmith’s interval for a given RSA public key [Formula: see text] The interval is valid for any variant of RSA, such as Multi-Prime RSA, that uses the key equation. Then we show that RSA is insecure if [Formula: see text] provided that we have approximation [Formula: see text] of [Formula: see text] with [Formula: see text] [Formula: see text] The attack is an extension of Coppersmith’s result.