3 matches found
CVE-2023-40012
creationtimestamp| type| source ---|---|--- 2023-08-09 20:15:02+00:00| seen| https://t.me/cibsecurity/68102...
CVE-2023-40012
The CVE concerns uthenticode, a cross‑platform library used to partially verify Authenticode signatures. The root cause is that versions prior to the 2.x series did not check Extended Key Usages (EKU) in certificates, allowing a maliciously issued certificate (e.g., SSL) to produce a “signed” PE ...
CVE-2023-40012 uthenticode EKU validation bypass
uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Versions of uthenticode prior to the 2.x series did not check Extended Key Usages in certificates, in violation of the Authenticode X.509 certificate profile. As a result, a malicious user could...