CVE-2012-0151

Published: Apr 10, 2012Modified: Apr 22, 2026CISA KEV

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability."

Affected (15)

Products: Microsoft: Windows 7, Windows Server 2008, Windows Xp, Windows Server 2003, Windows Vista

5 products

Windows Server 2008

Windows Server 2003

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows 7	All versions
Microsoft Windows 7	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	Version r2
Microsoft Windows Server 2008	Version r2
Microsoft Windows Xp	All versions

Configuration B

8 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows 7	All versions
Microsoft Windows Server 2003	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	Version r2
Microsoft Windows Server 2008	Version r2 sp1
Microsoft Windows Vista	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (13)

http://osvdb.org/81135

Source: secure@microsoft.com

Broken Link

http://secunia.com/advisories/48581

Source: secure@microsoft.com

Broken Link

http://www.securitytracker.com/id?1026906

Source: secure@microsoft.com

Broken LinkThird Party AdvisoryVDB Entry

http://www.us-cert.gov/cas/techalerts/TA12-101A.html

Source: secure@microsoft.com

Third Party AdvisoryUS Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-024

Source: secure@microsoft.com

PatchVendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15594

Source: secure@microsoft.com

Broken Link

http://osvdb.org/81135

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://secunia.com/advisories/48581

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.securitytracker.com/id?1026906

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

http://www.us-cert.gov/cas/techalerts/TA12-101A.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-024

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15594

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-0151

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.