CVE-2013-3900
Microsoft WinVerifyTrust function Remote Code Execution
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 2
Exploited in Wild: Yes
Decision
Descriptions
The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate PE file digests during Authenticode signature verification, which allows remote attackers to execute arbitrary code via a crafted PE file, aka "WinVerifyTrust Signature Validation Vulnerability."
A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2013-06-03 CVE Reserved
- 2013-12-11 CVE Published
- 2022-01-10 Exploited in Wild
- 2022-07-10 KEV Due Date
- 2022-09-06 First Exploit
- 2024-08-06 CVE Updated
- 2024-08-28 EPSS Updated
CWE
- CWE-20: Improper Input Validation
CAPEC
References (5)
URL | Date | SRC |
---|---|---|
https://github.com/snoopopsec/vulnerability-CVE-2013-3900 | 2022-09-06 | |
https://github.com/Securenetology/CVE-2013-3900 | 2024-05-21 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Microsoft | Windows 10 | - | - | Affected |
Microsoft | Windows 10 | 20h2 | - | Affected |
Microsoft | Windows 10 | 21h1 | - | Affected |
Microsoft | Windows 10 | 21h2 | - | Affected |
Microsoft | Windows 10 | 1607 | - | Affected |
Microsoft | Windows 10 | 1809 | - | Affected |
Microsoft | Windows 10 | 1909 | - | Affected |
Microsoft | Windows 11 | - | arm64 | Affected |
Microsoft | Windows 11 | - | x64 | Affected |
Microsoft | Windows 7 | - | sp1 | Affected |
Microsoft | Windows 8.1 | - | - | Affected |
Microsoft | Windows Rt 8.1 | - | - | Affected |
Microsoft | Windows Server 2003 | - | sp2, itanium | Affected |
Microsoft | Windows Server 2003 | - | sp2, x64 | Affected |
Microsoft | Windows Server 2008 | - | sp2 | Affected |
Microsoft | Windows Server 2008 | r2 | sp1, x64 | Affected |
Microsoft | Windows Server 2012 | - | - | Affected |
Microsoft | Windows Server 2012 | r2 | - | Affected |
Microsoft | Windows Server 2016 | - | - | Affected |
Microsoft | Windows Server 2019 | - | - | Affected |
Microsoft | Windows Server 2022 | - | - | Affected |
Microsoft | Windows Vista | - | sp2, x64 | Affected |
Microsoft | Windows Xp | - | sp2, professional, x64 | Affected |
Microsoft | Windows Xp | - | sp3 | Affected |