Lucene search

K
cveMicrosoftCVE-2013-3900
HistoryDec 11, 2013 - 12:55 a.m.

CVE-2013-3900

2013-12-1100:55:03
CWE-20
microsoft
web.nvd.nist.gov
2473
In Wild
4
26
windows
microsoft
winverifytrust
vulnerability
authenticode
signature
remote code execution
cve-2013-3900

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

High

EPSS

0.739

Percentile

98.2%

The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate PE file digests during Authenticode signature verification, which allows remote attackers to execute arbitrary code via a crafted PE file, aka “WinVerifyTrust Signature Validation Vulnerability.”

Affected configurations

Nvd
Node
microsoftwindows_10Match-
OR
microsoftwindows_10Match20h2
OR
microsoftwindows_10Match21h1
OR
microsoftwindows_10Match21h2
OR
microsoftwindows_10Match1607
OR
microsoftwindows_10Match1809
OR
microsoftwindows_10Match1909
OR
microsoftwindows_11Match-arm64
OR
microsoftwindows_11Match-x64
OR
microsoftwindows_7Match-sp1
OR
microsoftwindows_8.1Match-
OR
microsoftwindows_rt_8.1Match-
OR
microsoftwindows_server_2003Match-sp2itanium
OR
microsoftwindows_server_2003Match-sp2x64
OR
microsoftwindows_server_2008Match-sp2
OR
microsoftwindows_server_2008Matchr2sp1x64
OR
microsoftwindows_server_2012Match-
OR
microsoftwindows_server_2012Matchr2
OR
microsoftwindows_server_2016Match-
OR
microsoftwindows_server_2019Match-
OR
microsoftwindows_server_2022Match-
OR
microsoftwindows_vistaMatch-sp2-x64
OR
microsoftwindows_xpMatch-sp2professionalx64
OR
microsoftwindows_xpMatch-sp3
VendorProductVersionCPE
microsoftwindows_10-cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
microsoftwindows_1020h2cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*
microsoftwindows_1021h1cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*
microsoftwindows_1021h2cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*
microsoftwindows_101607cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
microsoftwindows_101809cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
microsoftwindows_101909cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*
microsoftwindows_11-cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*
microsoftwindows_11-cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*
microsoftwindows_7-cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
Rows per page:
1-10 of 241

Social References

More

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

High

EPSS

0.739

Percentile

98.2%