176 matches found
Manalyze - A static analyzer for PE executables
Manalyzer is a free service which performs static analysis on PE executables to detect undesirable behavior. A static analyzer for PE files. Manalyze was written in C++ for Windows and Linux and is released under the terms of the GPLv3 license. It is a robust parser for PE files with a flexible...
PE Executables Static Analyzer: Manalyze
PE Executables Static Analyzer. Manalyze performs static analysis on PE files in order to detect signs of malicious behavior. It is a versatile tool with a robust parser and a set of built-in tests, but can also be extended easily. Manalyze was written in C++ for Windows and Linux and is released...
CVE-2016-3986
Avast allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted PE file, related to authenticode parsing...
Memory corruption
Avast allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted PE file, related to authenticode parsing...
CVE-2016-3986
CVE-2016-3986 affects Avast Antivirus and is triggered by a crafted PE file, exploiting the authenticode parsing path to cause memory corruption and potentially execute arbitrary code. The vulnerability’s impact is a denial-of-service with memory corruption (and possible code execution). Affected...
Avast - Authenticode Parsing Memory Corruption
Exploit for Windows platform in category dos / poc. Source: https://code.google.com/p/google-security-research/issues/detail?id=668 The attached PE file causes memory corruption in Avast, it looks related to authenticode parsing. 474.c0c: Access violation - code c0000005 first chance First chance...
Avast! - Authenticode Parsing Memory Corruption
Source: https://code.google.com/p/google-security-research/issues/detail?id=668 The attached PE file causes memory corruption in Avast, it looks related to authenticode parsing. 474.c0c: Access violation - code c0000005 first chance First chance exceptions are reported before any exception...
Avast! - Authenticode Parsing Memory Corruption
Avast! - Authenticode Parsing Memory Corruption Source: https://code.google.com/p/google-security-research/issues/detail?id=668 The attached PE file causes memory corruption in Avast, it looks related to authenticode parsing. 474.c0c: Access violation - code c0000005 first chance First chance...
Dell aeration eDellRoot root certificate Backdoor-vulnerability warning-the black bar safety net
Earlier this year, Lenovo computers were found to be loaded with the Superfish adware program, software that increases users' exposure to attack by hackers and that sparked a lot of discussion at the time. Recently, a Duo Labs security researcher found, on a Dell Inspiron 14 notebook, some strange...
Duqu 2.0 Attackers Used Stolen Foxconn Certificate to Sign Driver
The attackers behind the recently disclosed Duqu 2.0 APT have used stolen digital certificates to help sneak their malware past security defenses, and one of the certificates used in the attacks was issued to Foxconn, the Chinese company that manufactures products for Apple, BlackBerry, Dell, and...
VulnCheck KEV: CVE-2013-3900
A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files...
Nokia Multimedia Player 1.0 SEH Unicode Exploit
No description provided by source. Exploit Title: Nokia Multimedia player SEH Unicode Date: January 11 2011 Author: Carlos Mario Penagos Hollmann Software Link: http://www.brothersoft.com/nokia-multimedia-player-download-46238.html Version: 1.00.55.5010 Tested on: Windows xp sp3 running on VMwa...
Microsoft Windows Signature Validation Remote Code Execution - Ver2 (CVE-2012-0151)
A code execution vulnerability has been reported in the Windows Authenticode Signature Verification function used for portable executable (PE) files. The vulnerability is due to an error in the way the Authenticode Signature Verification function validates the file digest of a specially crafted PE file...
Microsoft Windows WinVerifyTrust PE Validation Security Bypass (MS13-098; CVE-2013-3900)
A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to an error in the way the WinVerifyTrust function handles Windows Authenticode signature verification for portable executable (PE) files. A remote attacker could trigger this flaw by sending a...
CVE-2013-3900
Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update the Security Updates table and to inform customers that the EnableCertPaddingCheck is available in all currently supported versions of Windows 10 and Windows 11. While the forma...
Input validation
The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate PE file digests during...
KB2915720: Changes in Windows Authenticode Signature Verification
The remote Windows host has not enabled the Windows Authenticode signature verification certificate padding check. This means extraneous information can be included in signed binaries. Note that Microsoft announced on July 29, 2014, that it no longer plans to enforce the stricter signature...
Microsoft WinVerifyTrust Signature Validation Vulnerability (2893294)
This host is missing a critical security update according to Microsoft Bulletin MS13-098. OpenVAS Vulnerability Test $Id: secpodms13-098.nasl 6104 2017-05-11 09:03:48Z teissa $ Microsoft WinVerifyTrust Signature Validation Vulnerability 2893294 Authors: Shashi Kiran N Copyright: Copyright C 2013...
CVE-2013-3900
CVE-2013-3900 describes a remote code execution in the WinVerifyTrust Authenticode verification for PE files. An attacker could modify a signed executable to execute code without invalidating the signature, potentially gaining full control of the system. Microsoft republished this CVE in the Secu...