PT-2012-1231 · Microsoft · Windows Vista+6

Igor Glucksmann +1 · Published 2012-04-10 · Updated 2025-04-04 · CVE-2012-0151

CVSS v2.0: 9.3 High
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Windows versions XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview

Description

The Authenticode Signature Verification function in Microsoft Windows does not properly validate the digest of a signed portable executable (PE) file. This allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content. An attacker could exploit the vulnerability by modifying an existing signed executable file to add malicious code without invalidating the signature, potentially taking complete control of an affected system.

Recommendations

For Microsoft Windows XP SP2 and SP3, consider applying security updates or patches to fix the Authenticode Signature Verification issue. For Windows Server 2003 SP2, apply the recommended security patch to resolve the vulnerability. For Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview, update to a newer version or apply the relevant security fix to mitigate the risk of exploitation. As a temporary workaround, consider restricting the execution of signed portable executable (PE) files until a patch is available.

Fix

RCE


Weakness Enumeration

Related Identifiers

BDU:2022-03559
CVE-2012-0151

Affected Products

Windows
Windows 7
Windows 8
Windows Server 2003
Windows Server 2008
Windows Vista
Windows XP