CVE-2012-0151
HIGH
CISA KEV
The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability."
Published: Apr 10, 2012
Modified: Apr 22, 2026
CWE-20
CVSS Metrics
CVSSv3
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products (18)
| Vendor | Product | Version |
|---|---|---|
| microsoft | windows_7 | - |
| microsoft | windows_7 | - |
| microsoft | windows_server_2003 | - |
| microsoft | windows_server_2008 | - |
| microsoft | windows_server_2008 | - |
| microsoft | windows_server_2008 | r2 |
| microsoft | windows_server_2008 | r2 |
| microsoft | windows_vista | - |
| microsoft | windows_xp | - |
| microsoft | windows_xp | - |
| microsoft | windows_7 | - |
| microsoft | windows_server_2003 | - |
| microsoft | windows_server_2008 | - |
| microsoft | windows_server_2008 | r2 |
| microsoft | windows_server_2008 | r2 |
| microsoft | windows_vista | - |
| microsoft | windows_xp | - |
| microsoft | windows_xp | - |
GitHub Security Advisory GHSA-99qx-cj76-9w2h
The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows...
References (13)
- http://osvdb.org/81135 Broken Link
- http://secunia.com/advisories/48581 Broken Link
- http://www.securitytracker.com/id?1026906 Broken Link, Third Party Advisory, VDB Entry
- http://www.us-cert.gov/cas/techalerts/TA12-101A.html Third Party Advisory, US Government Resource
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-024 Patch, Vendor Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15594 Broken Link
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-0151 US Government Resource
Risk Scores
CVSS Score: 7.8 / 10
EPSS Score: 89.01%
Top 0% most likely to be exploited
Threat Score: 87.9 / 100
CISA Known Exploited
Date Added: 2022-06-08
Due Date: 2022-06-22
Required Action: Apply updates per vendor instructions.
Data Sources
NVD
CISA KEV
EPSS
GitHub