CVE-2010-0486

The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a...

CVE-2010-0486

CVE-2010-0486 describes a remote code execution vulnerability in Windows Authenticode Signature Verification (WinVerifyTrust) affecting PE and cabinet (.CAB) handling. The flaw arises from improper use of certain file digest fields during signing/verifying, enabling a modified signed file to exec...

CVE-2010-0487

CVE-2010-0487 describes a remote code execution vulnerability in Windows Cabinet File Viewer (cabview.dll) where the Authenticode signature verification omits certain fields from the digest for cabinet files. Affected: Cabinet File Viewer Shell Extension (cabview.dll) versions 5.1, 6.0, 6.1 on Wi...

PT-2010-2247 · Microsoft · Windows Server 2003 +6

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, Server 2008 Gold, SP2, and R2, and Windows 7 Description: A remote code execution issue exists in the Windows Authenticode Signature Verification...

PT-2010-2248 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to the fixed version Description: The issue arises from the improper use of unspecified fields in a file digest by the Authenticode Signature verification functionality, allowing remote attackers to execute...

Microsoft Windows Authentication Verification Remote Code Execution Vulnerability (981210)

This host is missing a critical security update according to Microsoft Bulletin MS10-019. OpenVAS Vulnerability Test $Id: secpodms10-019.nasl 5934 2017-04-11 12:28:28Z antu123 $ Microsoft Windows Authentication Verification Remote Code Execution Vulnerability 981210 Authors: Veerendra G Updated B...

Microsoft Windows Authenticode Signature Verification远程代码执行漏洞（MS10-019）

BUGTRAQ ID: 39328 CVE ID: CVE-2010-0486 Windows Authenticode Signature Verification功能也称为WinVerifyTrust，用于对指定的对象执行信任验证操作。 Windows Authenticode Signature Verification功能在处理PE和cabinet文件格式的某些文件digest字段时存在错误。匿名攻击者可以通过修改已有的签名可执行文件以篡改签名文件的未验证部分来利用此漏洞，从而无需使签名失效便向文件添加恶意代码。成功利用此漏洞的攻击者可以完全控制受影响的系统。 Microsoft...

MS10-019: Vulnerabilities in Windows Could Allow Remote Code Execution (981210)

The version of Windows running on the remote host has vulnerabilities in the Windows Authenticode Signature mechanism. Modifying an existing signed executable or cabinet file can result in arbitrary code execution. A remote attacker could exploit this by tricking a user into executing or opening ...

Microsoft Windows Authenticode Signature Verification Remote Code Execution Vulnerability

Description Microsoft Windows Authenticode Signature Verification is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting victim to run or install a specially modified signed Portable Executable PE or cabinet file. Successful exploits can...

Vulnerability in Authenticode Verification Could Allow Remote Code Execution (823182)

There is a vulnerability in Authenticode that, under certain low memory conditions, could allow an ActiveX control to download and install without presenting the user with an approval dialog. To exploit this vulnerability, an attacker could host a malicious Web Site designed to exploit this...

Vulnerability in Authenticode Verification Could Allow Remote Code Execution (823182)

There is a vulnerability in Authenticode that, under certain low memory conditions, could allow an ActiveX control to download and install without presenting the user with an approval dialog. SPDX-FileCopyrightText: 2003 Jeff Adams Some text descriptions might be excerpted from a referenced...

CVE-2003-0660

The CVE-2003-0660 issue is a vulnerability in the Authenticode verification mechanism used by Windows NT through Server 2003. Under low-memory conditions, an ActiveX control could be downloaded and installed without prompting the user, enabling remote code execution with the user’s privileges whe...

Microsoft Windows Authenticode protection bypass

There is a vulnerability in Authenticode that, under certain low memory conditions, could allow an ActiveX control to download and install without presenting the user with an approval dialog...

Microsoft Security Bulletin MS03-041

Microsoft Security Bulletin MS03-041 Vulnerability in Authenticode Verification Could Allow Remote Code Execution 823182 Issued: October 15, 2003 Version Number: 1.0 Summary Who Should Read This Document: Customers using Microsoft® Windows® Impact of Vulnerability: Remote Code Execution Maximum...

Microsoft Authenticode mechanism installs ActiveX controls without prompting user

Overview A vulnerability in Microsoft's Authenticode could allow a remote attacker to install an untrusted ActiveX control on the victim's system. Description According to Microsoft Security Bulletin MS03-041:ActiveX is a technology that allows programmers to develop self-contained software modul...

MS03-041: Vulnerability in Authenticode Verification Could Allow Remote Code Execution (823182)

The remote host contains a version of the Authenticode Verification module that could allow an attacker to execute arbitrary code on the remote host by constructing a malicious web page and entice a victim to visit this web page. An attacker may also be able to exploit the vulnerability by sendin...