Input validation

2013-12-1100:55:00

PRIOn knowledge base

www.prio-n.com

8 High

AI Score

Confidence

Low

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.742 High

EPSS

Percentile

98.1%

JSON

The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate PE file digests during Authenticode signature verification, which allows remote attackers to execute arbitrary code via a crafted PE file, aka “WinVerifyTrust Signature Validation Vulnerability.”

CPENameOperatorVersion
windows_10eq1607
windows_10eq1809
windows_10eq1909
windows_10eq20.0.0-h2
windows_10eq21.0.0-h1
windows_10eq21.0.0-h2
windows_7eq- sp1
windows_server_2003eq- sp2
windows_server_2003eq- sp2
windows_server_2008eqr2 sp1

Name	Operator	Version
windows_10	eq	1607
windows_10	eq	1809
windows_10	eq	1909
windows_10	eq	20.0.0-h2
windows_10	eq	21.0.0-h1
windows_10	eq	21.0.0-h2
windows_7	eq	- sp1
windows_server_2003	eq	- sp2
windows_server_2003	eq	- sp2
windows_server_2008	eq	r2 sp1