4 matches found
CVE-2010-0486
The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a...
CVE-2010-0486
CVE-2010-0486 describes a remote code execution vulnerability in Windows Authenticode Signature Verification (WinVerifyTrust) affecting PE and cabinet (.CAB) handling. The flaw arises from improper use of certain file digest fields during signing/verifying, enabling a modified signed file to exec...
Microsoft Windows Authentication Verification Remote Code Execution Vulnerability (981210)
This host is missing a critical security update according to Microsoft Bulletin MS10-019. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Microsoft Windows Authenticode Signature Verification远程代码执行漏洞(MS10-019)
BUGTRAQ ID: 39328 CVE ID: CVE-2010-0486 Windows Authenticode Signature Verification功能也称为WinVerifyTrust,用于对指定的对象执行信任验证操作。 Windows Authenticode Signature Verification功能在处理PE和cabinet文件格式的某些文件digest字段时存在错误。匿名攻击者可以通过修改已有的签名可执行文件以篡改签名文件的未验证部分来利用此漏洞,从而无需使签名失效便向文件添加恶意代码。成功利用此漏洞的攻击者可以完全控制受影响的系统。 Microsoft...