Microsoft WinVerifyTrust Signature Validation Vulnerability (2893294)

This host is missing an critical security update according to Microsoft Bulletin MS13-098. OpenVAS Vulnerability Test $Id: secpodms13-098.nasl 6104 2017-05-11 09:03:48Z teissa $ Microsoft WinVerifyTrust Signature Validation Vulnerability 2893294 Authors: Shashi Kiran N Copyright: Copyright C 2013...

December 2013 Microsoft Patch Tuesday Security Updates

One zero-day down, one to go. As expected, Microsoft did today patch a zero-day in its GDI+ graphics component MS13-096 reported more than a month ago after exploits were spotted in the wild. The fix was one of 11 security bulletins—five critical—released as part of the December 2013 Patch Tuesda...

MS13-098: Update to enhance the security of Authenticode

Today we released MS13-098, a security update that strengthens the Authenticode code-signing technology against attempts to modify a signed binary without invalidating the signature. This update addresses a specific instance of malicious binary modification that could allow a modified binary to...

Microsoft Windows CVE-2013-3900 Remote Code Execution Vulnerability

Description Microsoft Windows Authenticode Signature Verification is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting victim to run or install a specially modified signed Portable Executable PE file. Successful exploits can allow attacke...

PT-2013-1328

Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description The issue is related to the WinVerifyTrust function in Windows, which is associated with the improper verification of PE file digests during Authenticode signature checking. This can allow a...

MS12-024: Vulnerability in Windows Could Allow Remote Code Execution (2653956)

The version of Windows running on the remote host has vulnerabilities in the Windows Authenticode Signature mechanism. Modifying an existing signed executable can result in arbitrary code execution. A remote attacker could exploit this by tricking a user into executing or opening a maliciously...

Windows Authenticode Signature Remote Code Execution Vulnerability (2653956)

This host is missing a critical security update according to Microsoft Bulletin MS12-024. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVE-2012-0151

The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable P...

Input validation

The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable P...

CVE-2012-0151

The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable P...

CVE-2012-0151

The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable P...

Microsoft Windows Signature Validation Remote Code Execution (MS12-024; CVE-2012-0151)

A remote code execution vulnerability has been reported in Windows Authenticode Signature Verification function used for portable executable PE files. The vulnerability is due to an error in the way the Authenticode Signature Verification function validates the file digest of a specially crafted ...

Microsoft Windows Authenticode Signature Verification Function Remote Code Execution Vulnerability

Description Microsoft Windows Authenticode Signature Verification is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting victim to run or install a specially modified signed Portable Executable PE file. Successful exploits can allow attacke...

PT-2012-1231 · Microsoft · Windows Xp +6

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview Description: The Authenticode Signature Verification functi...

Microsoft ClickOnce MITM Vulnerabilities

============================================================================== ======|ЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇ|====== ======| ClickOnce Man-In-The-Middle [email protected] |====== ======||======...

Microsoft WinVerifyTrust Cabview Corruption Security Bypass (MS10-019; CVE-2010-0487)

A cabinet is a single file, usually suffixed with .CAB, that stores compressed files in a file library. A vulnerability has been discovered in the Windows Authenticode Signature verification for cabinet .cab file formats. The vulnerability is caused when the Windows Cabinet File Viewer omits fiel...

Microsoft Security Bulletin MS10-019 - Critical Vulnerabilities in Windows Could Allow Remote Code Execution (981210)

Microsoft Security Bulletin MS10-019 - Critical Vulnerabilities in Windows Could Allow Remote Code Execution 981210 Published: April 13, 2010 | Updated: April 14, 2010 Version: 1.1 General Information Executive Summary This security update resolves two privately reported vulnerabilities in Window...

CVE-2010-0487

The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does...

Input validation

The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a...

CVE-2010-0486

CVE-2010-0486 describes a remote code execution vulnerability in Windows Authenticode Signature Verification (WinVerifyTrust) affecting PE and cabinet (.CAB) handling. The flaw arises from improper use of certain file digest fields during signing/verifying, enabling a modified signed file to exec...