CVE-2010-0486: Input Validation
First published: Wed Apr 14 2010(Updated: )
The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows user-assisted remote attackers to execute arbitrary code via a modified (1) Portable Executable (PE) or (2) cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "WinVerifyTrust Signature Validation Vulnerability."
Credit: secure@microsoft.com secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows 7 | ||
| Microsoft Windows 7 | ||
| Microsoft Windows 2000 | =sp4 | |
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows XP | =sp3 | |
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows 2003 Server | =sp2 | |
| Microsoft Windows 2003 Server | =sp2 | |
| Microsoft Windows Server 2003 | =sp2 | |
| Microsoft Windows Server 2008 Itanium | ||
| Microsoft Windows Server 2008 Itanium | ||
| Microsoft Windows Server 2008 Itanium | =sp2 | |
| Microsoft Windows Server 2008 Itanium | =sp2 | |
| Microsoft Windows Server 2008 Itanium | =sp2 | |
| Microsoft Windows Server 2008 Itanium | =sp2 | |
| Microsoft Windows Vista | ||
| Microsoft Windows Vista | ||
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows Server 2008 Itanium | =r2 | |
| Microsoft Windows Server 2008 Itanium | =r2 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows Vista | =sp1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2010-0486?
CVE-2010-0486 has been rated as critical due to potential exploitation leading to remote code execution.
How do I fix CVE-2010-0486?
To mitigate CVE-2010-0486, apply the latest security updates released by Microsoft for affected Windows versions.
Which Microsoft operating systems are affected by CVE-2010-0486?
CVE-2010-0486 affects multiple Microsoft operating systems including Windows 2000, Windows XP, Windows Vista, and various versions of Windows Server 2003 and 2008.
What type of vulnerability is CVE-2010-0486?
CVE-2010-0486 is a vulnerability in the WinVerifyTrust function related to the Authenticode signature verification process.
Can CVE-2010-0486 be exploited remotely?
Yes, CVE-2010-0486 can be exploited remotely if an attacker tricks a user into executing malicious software.
- agent/author
- agent/type
- agent/softwarecombine
- agent/severity
- agent/references
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-index
- vendor/microsoft
- canonical/microsoft windows 7
- canonical/microsoft windows 2000
- version/microsoft windows 2000/sp4
- canonical/microsoft windows xp
- version/microsoft windows xp/sp2
- version/microsoft windows xp/sp3
- canonical/microsoft windows 2003 server
- version/microsoft windows 2003 server/sp2
- canonical/microsoft windows server 2003
- version/microsoft windows server 2003/sp2
- canonical/microsoft windows server 2008 itanium
- version/microsoft windows server 2008 itanium/sp2
- canonical/microsoft windows vista
- version/microsoft windows vista/sp1
- version/microsoft windows vista/sp2
- version/microsoft windows server 2008 itanium/r2