Proactively Managing High-Risk Vulnerabilities with TruRisk Mitigate™

In late 2024, organizations faced over 65 million detections from three critical vulnerabilities—CVE-2013-2900, CVE-2024-38122, and CVE-2024-30078—underscoring the urgent need for proactive vulnerability management. Adding to these challenges, the Qualys Threat Research Unit TRU uncovered five...

The vulnerability of the WinVerifyTrust function in the Windows operating system, allowing a hacker to execute arbitrary code

The vulnerability of the WinVerifyTrust function in the Windows operating system is related to improper validation of PE files during the verification of Authenticode signatures. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created signed PE...

WinVerifyTrust Signature Validation Vulnerability

Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update the Security Updates table and to inform customers that the EnableCertPaddingCheck is available in all currently supported versions of Windows 10 and Windows 11. While the forma...

Microsoft WinVerifyTrust function Remote Code Execution

A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files...

Update for SIP to enable WinVerifyTrust function in Windows Server 2008 R2 SP1 to work with a later version of Windows

Update for SIP to enable WinVerifyTrust function in Windows Server 2008 R2 SP1 to work with a later version of Windows About this update Subject Interface Packages SIPs are required in order to read the digital signatures on specific file types. After you install this update, SIPs enable the...

VulnCheck KEV: CVE-2013-3900

A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files...

Microsoft Windows WinVerifyTrust PE Validation Security Bypass (MS13-098; CVE-2013-3900)

A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to an error in the way the WinVerifyTrust function handles Windows Authenticode signature verification for portable executable PE files. A remote attacker could trigger this flaw by sending a...

CVE-2013-3900

Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update the Security Updates table and to inform customers that the EnableCertPaddingCheck is available in all currently supported versions of Windows 10 and Windows 11. While the forma...

Input validation

The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate PE file digests during...

CVE-2013-3900 WinVerifyTrust Signature Validation Vulnerability

...

CVE-2013-3900 WinVerifyTrust Signature Validation Vulnerability

...

Microsoft WinVerifyTrust Signature Validation Vulnerability (2893294)

This host is missing an critical security update according to Microsoft Bulletin MS13-098. OpenVAS Vulnerability Test $Id: secpodms13-098.nasl 6104 2017-05-11 09:03:48Z teissa $ Microsoft WinVerifyTrust Signature Validation Vulnerability 2893294 Authors: Shashi Kiran N Copyright: Copyright C 2013...

CVE-2013-3900

CVE-2013-3900 describes a remote code execution in the WinVerifyTrust Authenticode verification for PE files. An attacker could modify a signed executable to execute code without invalidating the signature, potentially gaining full control of the system. Microsoft republished this CVE in the Secu...

CVE-2013-3900

Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update the Security Updates table and to inform customers that the EnableCertPaddingCheck is available in all currently supported versions of Windows 10 and Windows 11. While the forma...

Microsoft WinVerifyTrust Signature Validation Vulnerability (2893294)

This host is missing a critical security update according to Microsoft Bulletin MS13-098. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

MS13-098: Vulnerability in Windows Could Allow Remote Code Execution (2893294)

The remote host contains a version of Microsoft Windows that is affected by a remote code execution vulnerability. The vulnerability exists in the method in which the WinVerifyTrust function deals with Windows Authenticode signature verification for portable executable files. An attacker could...

Microsoft Windows WinVerifyTrust Signature Validation Code Execution (MS13-098; CVE-2013-3900)

A remote code execution vulnerability has been reported in Microsoft Windows...

Microsoft Windows multiple security vulnerabilities

MSCOMCTL.ocx code execution, .Net code execution, WinVerifyTrust digital signature validation vulnerability...

CVE-2012-0151

The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable P...

CVE-2010-0486

The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a...