Description
The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate PE file digests during Authenticode signature verification, which allows remote attackers to execute arbitrary code via a crafted PE file, aka "WinVerifyTrust Signature Validation Vulnerability."
Related CPE's
o
microsoft
windows_10
o
microsoft
windows_11
o
microsoft
windows_server_2003
o
microsoft
windows_server_2008
o
microsoft
windows_server_2012
o
microsoft
windows_xp
CVSS impact metrics
AV:N/AC:H/Au:N/C:C/I:C/A:C
7.6 · High
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2013-12-11T00:55:03.693
10 years agoLast modified
2022-11-02T15:15:43.850
1 year ago