Vulnerability Name:

CCN-10958

Published:2002-12-26
Updated:2002-12-26
Summary:The Windows File Protection (WFP) mechanism in Windows 2000 and Windows XP trusts any code that is signed by a trusted root Certification Authority (CA) certificate that is configured for the operating system. This could allow a remote attacker using a certificate that was issued by a trusted root CA to create malicious digitally signed files that would be accepted as trusted by a vulnerable system.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Consequences:Other
References:Source: CCN
Type: BugTraq Mailing List, Thu Dec 26 2002 - 04:55:36 CST
Full Disclosure: Windows File Protection Arbitrary Certificate Chain Vulnerability

Source: CCN
Type: BID-6482
Microsoft Windows File Protection Code-Signing Verification Weakness

Source: XF
Type: UNKNOWN
wfp-certificate-chain-trusted(10958)

Source: CCN
Type: Microsoft Knowledge Base Article 222193
Description of the Windows 2000 Windows File Protection Feature

Source: CCN
Type: Microsoft Knowledge Base Article 296241
Windows File Protection May Not Start

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:xp:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    microsoft windows 2000 *
    microsoft windows xp