CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2010-0486

The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows user-assisted remote attackers to execute arbitrary code via a modified (1) Portable Executable (PE) or (2) cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "WinVerifyTrust Signature Validation Vulnerability."

Exploit prediction scoring system (EPSS) score

EPSS Score 0.442

EPSS Ranking 97.4%

CVSS Severity

CVSS v2 Score 9.3

References

Products affected by CVE-2010-0486

Microsoft » Windows 2000 » Version: N/A

cpe:2.3:o:microsoft:windows_2000:-
Microsoft » Windows 2003 Server » Version: N/A

cpe:2.3:o:microsoft:windows_2003_server:-
Microsoft » Windows 7 » Version: N/A

cpe:2.3:o:microsoft:windows_7:-
Microsoft » Windows 7 » Version: sp1

cpe:2.3:o:microsoft:windows_7:sp1
Microsoft » Windows Server 2003 » Version: N/A

cpe:2.3:o:microsoft:windows_server_2003:-
Microsoft » Windows Server 2003 » Version: r2

cpe:2.3:o:microsoft:windows_server_2003:r2
Microsoft » Windows Server 2008 » Version: N/A

cpe:2.3:o:microsoft:windows_server_2008:-
Microsoft » Windows Server 2008 » Version: r2

cpe:2.3:o:microsoft:windows_server_2008:r2
Microsoft » Windows Vista » Version: N/A

cpe:2.3:o:microsoft:windows_vista:-
Microsoft » Windows Xp » Version: N/A

cpe:2.3:o:microsoft:windows_xp:-
Microsoft » Windows Xp » Version: unknown

cpe:2.3:o:microsoft:windows_xp:unknown

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2010-0486

Products

Pricing

Contact Us