A remote code execution vulnerability exists in the Windows Authenticode Signature Verification function used for cabinet (.cab) file formats. An attacker could exploit the vulnerability by modifying an existing signed cabinet file to manipulate unverified portions of the signature and file in such a way as to add malicious code to the file without invalidating the signature.

A flaw exists within the CAB subject interface package (SIP) which is used for verifying Authenticode signatures embedded in CAB files via the WinVerifyTrust API. Successful exploitation of the vulnerability could allow an attacker to execute arbitrary remote code and take complete control of the victim machine.