← Volver a CVEs
CVE-2012-0151
HIGHCISA KEV7.8
Descripcion
The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability."
Detalles CVE
Puntuacion CVSS v3.17.8
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vector de ataqueLOCAL
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioREQUIRED
Publicado4/10/2012
Ultima modificacion4/22/2026
Fuentekev
Avistamientos honeypot0
CISA KEV
VendedorMicrosoft
ProductoWindows
Nombre vulnerabilidadMicrosoft Windows Authenticode Signature Verification Remote Code Execution Vulnerability
Fecha inclusion KEV2022-06-08
Fecha limite remediacion2022-06-22
Uso en ransomwareUnknown
Productos afectados
microsoft:windows_7microsoft:windows_server_2003microsoft:windows_server_2008microsoft:windows_vistamicrosoft:windows_xp
Debilidades (CWE)
CWE-20CWE-20
Referencias
http://osvdb.org/81135(secure@microsoft.com)
http://secunia.com/advisories/48581(secure@microsoft.com)
http://www.securitytracker.com/id?1026906(secure@microsoft.com)
http://www.us-cert.gov/cas/techalerts/TA12-101A.html(secure@microsoft.com)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-024(secure@microsoft.com)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15594(secure@microsoft.com)
http://osvdb.org/81135(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/48581(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1026906(af854a3a-2127-422b-91ae-364da2661108)
http://www.us-cert.gov/cas/techalerts/TA12-101A.html(af854a3a-2127-422b-91ae-364da2661108)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-024(af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15594(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-0151(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.