Microsoft Windows Authenticode Signature Verification
Microsoft Windows Authenticode Signature Verification Security Bypass
Release Date : 2012-04-10
Crriticality level : Less critical
Ipact : Security Bypass
Where : From remote
Solution Status : Vendor Patch
Operating System: Microsoft Windows 7
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2008
Microsoft Windows Storage Server 2003
Microsoft Windows Vista
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional
A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to bypass certain security restrictions.
The vulnerability is caused due to the Windows Authenticode Signature Verification functionality insufficiently validating a PE (Portable Executable) file's file digest. This can be exploited to manipulate a signed executable file by e.g. adding malicious code without invalidating the signature.
Successful exploitation allows execution of arbitrary code, but requires a user or application to run a specially crafted, signed PE file that is considered trusted.
Provided and/or discovered by:
The vendor credits Robert Zacek and Igor Glucksmann, Avast Software.