The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerability announcement CVE-2013-3900

Windows: code execution via WinVerifyTrust

Synthesis of the vulnerability

An attacker can alter a validly signed file without WinVerifyTrust noticing, in order to deceive the victim into running the program.
Vulnerable software: Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista, Windows XP.
Severity of this announcement: 3/4.
Consequences of an intrusion: user access/rights.
Attacker's origin: document.
Creation date: 10/12/2013.
Revision date: 30/07/2014.
References for this computer vulnerability: 2893294, BID-64079, CERTA-2013-AVI-664, CVE-2013-3900, MS13-098, VIGILANCE-VUL-13927.

Description of the vulnerability

The Authenticode feature checks the signature of an executable, in order to warn users before the program runs.

However, the WinVerifyTrust function does not correctly check the hash of the executable file.

An attacker can therefore alter a validly signed file without WinVerifyTrust noticing, in order to deceive the victim into running the program.
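Added example, not taken from the Vigil@nce bulletin or from Microsoft: a small Python script that parses a PE file's attribute certificate table (the area WinVerifyTrust reads the Authenticode signature from) and reports bytes in that area which the signed file hash does not cover. MS13-098 / KB 2893294, referenced above, concerns exactly that gap, so a defender reviewing signed binaries can use a check like this one to spot signature blobs carrying extra, unauthenticated data. The minimal PE image and the PKCS#7 stand-in blob are constructed inline (they are not a real signed executable), and the function names are the example's own.

```python
import struct

# Constants from the PE/COFF specification (attribute certificate table)
WIN_CERT_REVISION_2_0 = 0x0200
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002
IMAGE_DIRECTORY_ENTRY_SECURITY = 4

# Constructed stand-in for a PKCS#7 SignedData blob: DER SEQUENCE { INTEGER 1 }.
# A real Authenticode signature is a much larger SEQUENCE, but the length
# parsing below works the same way on it.
SAMPLE_PKCS7 = bytes.fromhex("3003020101")


def der_total_length(blob: bytes) -> int:
    """Total encoded size (tag + length bytes + content) of the first DER TLV in blob."""
    if len(blob) < 2:
        raise ValueError("blob too short for a DER header")
    first = blob[1]
    if first < 0x80:                      # short form: the length fits in one byte
        return 2 + first
    n = first & 0x7F                      # long form: n further bytes hold the length
    if n == 0 or n > 4 or len(blob) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    return 2 + n + int.from_bytes(blob[2:2 + n], "big")


def security_directory(pe: bytes):
    """Return (file_offset, size) of the certificate table; for this directory the RVA is a file offset."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    opt = e_lfanew + 4 + 20               # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    dirs = opt + (96 if magic == 0x10B else 112)   # PE32 vs PE32+ data directory offset
    return struct.unpack_from("<II", pe, dirs + IMAGE_DIRECTORY_ENTRY_SECURITY * 8)


def audit_certificate_table(pe: bytes) -> list:
    """List every byte range in the signature area that the Authenticode hash cannot cover."""
    findings = []
    start, size = security_directory(pe)
    if size == 0:
        return ["no certificate table (file is unsigned)"]
    end = start + size
    if end > len(pe):
        return ["certificate table extends past end of file"]
    if end < len(pe):
        findings.append(f"{len(pe) - end} bytes of data after the certificate table")
    off = start
    while off + 8 <= end:
        dw_length, revision, cert_type = struct.unpack_from("<IHH", pe, off)
        if dw_length < 8 or off + dw_length > end:
            findings.append(f"entry at {off:#x}: bad dwLength {dw_length}")
            break
        cert = pe[off + 8:off + dw_length]
        if cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA:
            der_len = der_total_length(cert)
            if der_len > len(cert):
                findings.append(f"entry at {off:#x}: PKCS#7 blob truncated")
            else:
                slack = cert[der_len:]            # bytes inside the entry but outside the DER structure
                allowed = (-der_len) % 8          # only zero-filled 8-byte alignment padding is expected
                if len(slack) > allowed or any(slack):
                    findings.append(f"entry at {off:#x}: {len(slack)} bytes not covered by the signed hash")
        off += (dw_length + 7) & ~7               # entries are 8-byte aligned
    return findings


def build_sample_pe(pkcs7_blob: bytes, slack: bytes = b"") -> bytes:
    """Constructed minimal PE32 image with one certificate entry; not a real executable."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)       # e_lfanew: PE signature at offset 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)         # PE32 magic
    entry = struct.pack("<IHH", 8 + len(pkcs7_blob) + len(slack),
                        WIN_CERT_REVISION_2_0, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + pkcs7_blob + slack
    entry += b"\0" * ((-len(entry)) % 8)          # pad the table to an 8-byte boundary
    table_off = 0x40 + 4 + 20 + 224               # certificate table sits right after the headers
    struct.pack_into("<II", opt, 96 + IMAGE_DIRECTORY_ENTRY_SECURITY * 8, table_off, len(entry))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + entry


if __name__ == "__main__":
    print(audit_certificate_table(build_sample_pe(SAMPLE_PKCS7)))                 # []
    print(audit_certificate_table(build_sample_pe(SAMPLE_PKCS7, b"\x41" * 20)))   # one finding
```

To run it against real files, replace `build_sample_pe(...)` with `open(path, "rb").read()`. The script does not verify the signature itself; it only answers the structural question the bulletin raises, namely whether the signature area holds data the file hash cannot have covered. Legitimately signed binaries should produce no findings beyond an unsigned-file note.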

Computer vulnerabilities tracking service

Vigil@nce provides computer vulnerability alerts. Each administrator can customize the list of products for which they want to receive vulnerability alerts. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.