Vulnerability Name: CVE-2013-3900 (CCN-89307)
Assigned: 2013-12-10
Published: 2013-12-10
Updated: 2022-11-02
Summary: The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate PE file digests during Authenticode signature verification, which allows remote attackers to execute arbitrary code via a crafted PE file, aka "WinVerifyTrust Signature Validation Vulnerability."

CVSS v3 Severity:
10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Changed
  Impact Metrics:
    Confidentiality (C): High
    Integrity (I): High
    Availability (A): High

CVSS v2 Severity:
7.6 High (CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
5.6 Medium (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): High
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete

Vulnerability Type: CWE-20
Vulnerability Consequences: Gain Privileges

References:
Source: CONFIRM
Type: Vendor Advisory
http://blogs.technet.com/b/srd/archive/2013/12/10/ms13-098-update-to-enhance-the-security-of-authenticode.aspx

Source: MITRE
Type: CNA
CVE-2013-3900

Source: CCN
Type: SA55971
Microsoft Windows WinVerifyTrust Windows Authenticode Signature Verification Vulnerability

Source: CCN
Type: Microsoft Security Bulletin MS13-098
Vulnerability in Windows Could Allow Remote Code Execution (2893294)

Source: CCN
Type: BID-64079
Microsoft Windows CVE-2013-3900 Remote Code Execution Vulnerability

Source: MS
Type: Patch, Vendor Advisory
MS13-098

Source: XF
Type: UNKNOWN
ms-win-cve20133900-code-exec(89307)

Source: MISC
Type: Patch, Vendor Advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2013-3900

Source: CCN
Type: CYBERSECURITY & INFRASTRUCTURE SECURITY AGENCY
KNOWN EXPLOITED VULNERABILITIES CATALOG

Vulnerable Configuration:
Configuration 1:
cpe:/o:microsoft:windows_xp:-:sp3:*:*:*:*:*:* OR
cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* OR
cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* OR
cpe:/o:microsoft:windows_10:1607:*:*:*:*:*:*:* OR
cpe:/o:microsoft:windows_8.1:-:*:*:*:*:*:*:* OR
cpe:/o:microsoft:windows_server_2016:-:*:*:*:*:*:*:* OR
cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:* OR
cpe:/o:microsoft:windows_7:-:sp1:*:*:*:*:*:* OR
cpe:/o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:* OR
cpe:/o:microsoft:windows_11_21h2:10.0.22000.739:*:*:*:*:*:arm64:* OR
cpe:/o:microsoft:windows_11_21h2:10.0.22000.739:*:*:*:*:*:x64:* OR
cpe:/o:microsoft:windows_server_2022:-:*:*:*:*:*:*:* OR
cpe:/o:microsoft:windows_server_2019:-:*:*:*:*:*:*:* OR
cpe:/o:microsoft:windows_10:-:*:*:*:*:*:*:* OR
cpe:/o:microsoft:windows_10:21h2:*:*:*:*:*:*:* OR
cpe:/o:microsoft:windows_10:20h2:*:*:*:*:*:*:* OR
cpe:/o:microsoft:windows_10:21h1:*:*:*:*:*:*:* OR
cpe:/o:microsoft:windows_10:1909:*:*:*:*:*:*:* OR
cpe:/o:microsoft:windows_10:1809:*:*:*:*:*:*:* OR
cpe:/o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* OR
cpe:/o:microsoft:windows_server_2003:-:sp2:*:*:*:*:itanium:* OR
cpe:/o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:* OR
cpe:/o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:* OR
cpe:/o:microsoft:windows_vista:-:sp2:*:*:-:*:x64:*

Configuration CCN 1:
cpe:/o:microsoft:windows:server_2003:*:sp2:*:*:*:*:* OR
cpe:/o:microsoft:windows:server_2003:*:sp2:*:*:*:itanium:* OR
cpe:/o:microsoft:windows:server_2003:*:sp2:*:*:*:x64:* OR
cpe:/o:microsoft:windows_vista::sp2:~~~~x64~:*:*:*:*:* OR
cpe:/o:microsoft:windows_vista::sp2:*:*:*:*:*:* OR
cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:* OR
cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:* OR
cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:itanium:* OR
cpe:/o:microsoft:windows:xp:sp2:x64:*:*:*:*:* OR
cpe:/o:microsoft:windows_7:-:sp1:*:*:ultimate_n:*:x86:* OR
cpe:/o:microsoft:windows_7::sp1:x64:*:*:*:*:* OR
cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* OR
cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:* OR
cpe:/o:microsoft:windows:xp:sp3:*:*:*:*:*:* OR
cpe:/o:microsoft:windows_8:-:-:-:*:-:-:x32:* OR
cpe:/o:microsoft:windows_8:::~~~~x64~:*:*:*:*:* OR
cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:* OR
cpe:/o:microsoft:windows_rt:-:*:*:*:*:*:*:* OR
cpe:/o:microsoft:windows_8.1:-:-:-:*:-:-:x32:* OR
cpe:/o:microsoft:windows_8.1:::~~~~x64~:*:*:*:*:* OR
cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* OR
cpe:/o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions:
Definition ID: oval:org.mitre.oval:def:20872
Class: V
Title: WinVerifyTrust Signature Validation Vulnerability (CVE-2013-3900) - MS13-098
Last Modified: 2014-01-27

microsoft windows xp - sp3
microsoft windows server 2008 r2 sp1
microsoft windows server 2012 r2
microsoft windows 10 1607
microsoft windows 8.1 -
microsoft windows server 2016 -
microsoft windows server 2008 - sp2
microsoft windows 7 - sp1
microsoft windows rt 8.1 -
microsoft windows 11 -
microsoft windows 11 -
microsoft windows server 2022 -
microsoft windows server 2019 -
microsoft windows 10 -
microsoft windows 10 21h2
microsoft windows 10 20h2
microsoft windows 10 21h1
microsoft windows 10 1909
microsoft windows 10 1809
microsoft windows server 2012 -
microsoft windows server 2003 - sp2
microsoft windows xp - sp2
microsoft windows server 2003 - sp2
microsoft windows vista - sp2
microsoft windows server_2003
microsoft windows server_2003
microsoft windows server_2003
microsoft windows vista sp2
microsoft windows vista sp2
microsoft windows server 2008 sp2
microsoft windows server 2008 sp2
microsoft windows server 2008
microsoft windows xp sp2
microsoft windows 7 - sp1
microsoft windows 7 sp1
microsoft windows server 2008 r2
microsoft windows server 2008 r2
microsoft windows xp sp3
microsoft windows 8 - -
microsoft windows 8
microsoft windows server 2012
microsoft windows rt -
microsoft windows 8.1 - -
microsoft windows 8.1
microsoft windows server 2012 r2
microsoft windows rt 8.1 -