CVE-2012-0151

HIGH KEV

Microsoft Windows - Remote Code Execution via Authenticode Signature Verification Bypass

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2012-0151 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added June 8, 2022.

Description

The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability."

References (7)

Core 7
Core References
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1026906
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/81135
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA12-101A.html
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48581
Patch, Vendor Advisory vendor-advisory x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-024

Scores

CVSS v3 7.8
EPSS 0.8901
EPSS Percentile 99.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2022-06-08
VulnCheck KEV 2021-11-15
InTheWild.io 2021-11-01
ENISA EUVD EUVD-2012-0189
CWE
CWE-20
Status published
Products (6)
microsoft/windows_7 (5 CPE variants)
microsoft/windows_server_2003 (2 CPE variants)
microsoft/windows_server_2008 (6 CPE variants)
microsoft/windows_server_2008 r2 (6 CPE variants)
microsoft/windows_vista (2 CPE variants)
microsoft/windows_xp (5 CPE variants)
Published Apr 10, 2012
KEV Added Jun 08, 2022
Tracked Since Feb 18, 2026