MS12-024  MS12-024 - Critical : Vulnerability in Windows Could Allow Remote Code Execution (2653956) - Version: 1.1

Version2012-07-31 Severity Rating: Critical Revision Note: V1.1 (July 31, 2012): Bulletin revised to announce a detection change in the Windows Vista packages for KB2653956 to correct a Windows Update reoffering issue. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action. Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user or application runs or installs a specially crafted, signed portable executable (PE) file on an affected system.
Bulletin details at Microsoft.com

Related CVE Entries

CVE-2012-0151

Known exploited
The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability."
Max CVSS
9.3
EPSS Score
95.04%
Published
2012-04-10
Updated
2023-12-07
CISA KEV Added
2022-06-08
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close