CVE-2012-0151
CVE-2012-0151
In short
Windows fails to properly check if executable files have been tampered with after being signed, allowing attackers to add malicious code to signed programs without detection. This means a legitimate-looking file could contain hidden harmful content.
Technical detail
The WinVerifyTrust function improperly validates the cryptographic digest of signed PE files, allowing attackers to append arbitrary content without invalidating the signature. Exploitation requires user interaction (file execution) and affects multiple Windows versions across XP through Windows 8, with impact ranging from arbitrary code execution in the security context of the executing user.
Summary generated and translated by AI from the official description.
The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability."
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://osvdb.org/81135https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-024http://secunia.com/advisories/48581https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15594https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-0151http://www.securitytracker.com/id?1026906http://www.us-cert.gov/cas/techalerts/TA12-101A.html