Vulnerability — CVE-2012-0151

CVE-2012-0151

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2012-0151
Description:: The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability."
Last updated date:: 06/28/2024

ACTIVELY EXPLOITED

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 11/01/2021
Reference url to background: https://research.checkpoint.com/2022/can-you-trust-a-files-digital-signature-new-zloader-campaign-exploits-microsofts-signature-verification-putting-users-at-risk/

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 06/08/2022
Reference url to background: https://www.cisa.gov/known-exploited-vulnerabilities-catalog