CVE-2012-0151 vulnerability in Microsoft Products
Published on April 10, 2012
Known Exploited Vulnerability
This Microsoft Windows Authenticode Signature Verification Remote Code Execution Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. The Authenticode Signature Verification function in Microsoft Windows (WinVerifyTrust) does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute code.
The following remediation steps are recommended / required by June 22, 2022: Apply updates per vendor instructions.
Vulnerability Analysis
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Products Associated with CVE-2012-0151
You can be notified by stack.watch whenever vulnerabilities like CVE-2012-0151 are published in these products:
What versions are vulnerable to CVE-2012-0151?
- Microsoft Windows Server 2008 sp2 x86
- Microsoft Windows Server 2008 sp2 itanium
- Microsoft Windows Server 2008 Version r2 itanium
- Microsoft Windows Server 2008 Version r2 x64
- Microsoft Windows XP Version - sp2 x64
- Microsoft Windows XP sp3
- Microsoft Windows Server 2008 sp2 x64
- Microsoft Windows 7 sp1 x86
- Microsoft Windows Server 2003 sp2
- Microsoft Windows Vista sp2
- Microsoft Windows 7 sp1 x64