MS PE File WinVerifyTrust Signature Validation Vulnerability
Date Discovered: 04/13/2010
Severity: High
Operating Systems Affected:
Microsoft Windows 2000 SP4
Microsoft Windows XP SP 2 & SP 3
Microsoft Windows XP Pro x64 Edition SP 2
Microsoft Windows Server 2003 SP 2
Microsoft Windows Server 2003 x64 SP 2
Microsoft Windows Server 2003 SP2 Itanium
Microsoft Windows Vista
Microsoft Windows Vista SP 1 & SP2
Microsoft Windows Vista x64
Microsoft Windows Vista x64 SP 1 & SP2
Microsoft Windows Server 2008 32-bit
Microsoft Windows Server 2008 32-bit SP 2
Microsoft Windows Server 2008 x64
Microsoft Windows Server 2008 x64 SP 2
Microsoft Windows Server 2008 Itanium
Microsoft Windows Server 2008 SP2 Itanium
Microsoft Windows 7 32-bit
Microsoft Windows 7 x64
Microsoft Windows Server 2008 R2 x64
Microsoft Windows Server 2008 R2 Itanium
The Microsoft Windows Authenticode Signature Verification function used for portable executable (PE) and cabinet file formats is reported prone to a remote code execution vulnerability. The flaw is due to improper sanitization of a manipulated signed executable file.
A remote code execution vulnerability exists in the Windows Authenticode Signature Verification function used for portable executable (PE) and cabinet file formats. An attacker could exploit the vulnerability by modifying an existing signed executable file to manipulate unverified portions of the signature and file in such a way as to add malicious code to the file without invalidating the signature.
A flaw exists within the PE/COFF subject interface package (SIP), which is used for verifying Authenticode signatures embedded in PE/COFF files via the WinVerifyTrust API. Successful exploitation could allow an attacker to execute arbitrary code remotely and take complete control of the victim machine.
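The Authenticode PE format leaves the attribute certificate table out of the file hash, so bytes stored there but outside the signature blob are authenticated by nothing. The audit below is an added example, not code from this advisory or from Microsoft, and is a generic structural check on signed PE files rather than a detector for this specific flaw; `cert_table`, `der_len`, `audit` and the constructed `sample` input are names chosen here.

```python
import struct

def cert_table(data: bytes):
    """Return (file offset, size) of the PE attribute certificate table."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    opt = pe + 24  # optional header follows the 4-byte signature and COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    dirs = opt + {0x10B: 96, 0x20B: 112}[magic]  # PE32 / PE32+ data directories
    # Directory entry 4 (security) holds a file offset and size, not an RVA.
    return struct.unpack_from("<II", data, dirs + 4 * 8)

def der_len(buf: bytes) -> int:
    """Total encoded length of the DER element at the start of buf."""
    if buf[1] < 0x80:
        return 2 + buf[1]
    n = buf[1] & 0x7F
    return 2 + n + int.from_bytes(buf[2:2 + n], "big")

def audit(data: bytes) -> list:
    """List bytes in the certificate table that lie outside the signed blob."""
    off, size = cert_table(data)
    if size == 0:
        return ["unsigned"]
    findings, pos, end = [], off, min(off + size, len(data))
    if off + size != len(data):
        findings.append("certificate table does not end at end of file")
    while pos + 8 <= end:
        length = struct.unpack_from("<I", data, pos)[0]  # WIN_CERTIFICATE.dwLength
        if length < 10 or pos + length > end:
            findings.append("malformed WIN_CERTIFICATE entry")
            break
        blob = data[pos + 8:pos + length]
        slack = blob[der_len(blob):]
        if len(slack) > 7 or any(slack):  # beyond zeroed 8-byte alignment padding
            findings.append(f"{len(slack)} bytes after signature blob at {pos:#x}")
        pos += (length + 7) & ~7  # entries are 8-byte aligned
    return findings

def sample(slack: bytes = b"") -> bytes:
    """Constructed minimal PE32 header plus one stand-in certificate entry."""
    hdr = bytearray(0x200)
    hdr[:2], hdr[0x3C], hdr[0x40:0x44] = b"MZ", 0x40, b"PE\0\0"
    struct.pack_into("<H", hdr, 0x58, 0x10B)
    blob = b"\x30\x04\x02\x02\x01\x02" + slack  # toy DER SEQUENCE, not real PKCS#7
    cert = struct.pack("<IHH", 8 + len(blob), 0x200, 2) + blob
    struct.pack_into("<II", hdr, 0x58 + 96 + 32, len(hdr), len(cert))
    return bytes(hdr) + cert
```

An empty result from `audit` says only that the certificate table is structurally tight; the signature itself still has to be verified by the platform.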