CVE-2012-0151 Information

Description

The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3 Windows Server 2003 SP2 Windows Vista SP2 Windows Server 2008 SP2 R2 and R2 SP1 Windows 7 Gold and SP1 and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content aka \WinVerifyTrust Signature Validation Vulnerability.\

Reference

http://osvdb.org/81135 http://secunia.com/advisories/48581 http://www.securitytracker.com/id?1026906 http://www.us-cert.gov/cas/techalerts/TA12-101A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-024 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A15594