CVE-2013-3900

CVSS v2.0 7.6 (High)
EPSS 73.51 % (98th)
Affected Products 13
Advisories 2

The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate PE file digests during Authenticode signature verification, which allows remote attackers to execute arbitrary code via a crafted PE file, aka "WinVerifyTrust Signature Validation Vulnerability."

Weaknesses
CWE-20
Improper Input Validation
CVE Status
PUBLISHED
CNA
Microsoft Corporation
Published Date
2013-12-11 00:55:03
(10 years ago)
Updated Date
2022-11-02 15:15:43
(22 months ago)
Microsoft WinVerifyTrust function Remote Code Execution (CISA - Known Exploited Vulnerabilities Catalog)
Description
A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files.
Required Action
Apply updates per vendor instructions.
Known to be Used in Ransomware Campaigns
Unknown
Notes
https://nvd.nist.gov/vuln/detail/CVE-2013-3900
Vendor
Microsoft
Product
WinVerifyTrust function
In CISA Catalog from
2022-01-10
(2 years ago)
Due Date
2022-07-10
(2 years ago)

Affected Products

Configuration #1

  Product CPE23 From Up To
  Microsoft Windows 10 cpe:2.3:o:microsoft:windows_10:-
  Microsoft Windows 10 20h2 cpe:2.3:o:microsoft:windows_10:20h2
  Microsoft Windows 10 21h1 cpe:2.3:o:microsoft:windows_10:21h1
  Microsoft Windows 10 21h2 cpe:2.3:o:microsoft:windows_10:21h2
  Microsoft Windows 10 1607 cpe:2.3:o:microsoft:windows_10:1607
  Microsoft Windows 10 1809 cpe:2.3:o:microsoft:windows_10:1809
  Microsoft Windows 10 1909 cpe:2.3:o:microsoft:windows_10:1909
  Microsoft Windows 11 on Arm64 cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64
  Microsoft Windows 11 on X64 cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64
  Microsoft Windows 7 SP1 cpe:2.3:o:microsoft:windows_7:-:sp1
  Microsoft Windows 8.1 cpe:2.3:o:microsoft:windows_8.1:-
  Microsoft Windows RT 8.1 cpe:2.3:o:microsoft:windows_rt_8.1:-
  Microsoft Windows Server 2003 SP2 on Itanium cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:itanium
  Microsoft Windows Server 2003 SP2 on X64 cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64
  Microsoft Windows Server 2008 SP2 cpe:2.3:o:microsoft:windows_server_2008:-:sp2
  Microsoft Windows Server 2008 R2 SP1 on X64 cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64
  Microsoft Windows Server 2012 cpe:2.3:o:microsoft:windows_server_2012:-
  Microsoft Windows Server 2012 R2 cpe:2.3:o:microsoft:windows_server_2012:r2
  Microsoft Windows Server 2016 cpe:2.3:o:microsoft:windows_server_2016:-
  Microsoft Windows Server 2019 cpe:2.3:o:microsoft:windows_server_2019:-
  Microsoft Windows Server 2022 cpe:2.3:o:microsoft:windows_server_2022:-
  Microsoft Windows Vista SP2 on X64 cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:-:*:x64
  Microsoft Windows XP SP2 on X64 cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64
  Microsoft Windows XP SP3 cpe:2.3:o:microsoft:windows_xp:-:sp3