CVE-2013-3900

Name of the Vulnerable Software and Affected Versions Windows (affected versions not specified)

Description The issue is related to the WinVerifyTrust function in Windows, which is associated with the improper verification of PE file digests during Authenticode signature checking. This can allow a remote attacker to execute arbitrary code using a specially crafted signed PE file. The vulnerability exists in the WinVerifyTrust function and is related to the checking of Windows Authenticode signatures for portable executable (PE) files. An anonymous attacker can add malicious code to an existing signed executable file without affecting the validity of its signature. Exploitation of this issue allows the attacker to gain full control over the system, enabling them to install programs, view, modify, or delete data, and create new user accounts with full user rights.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.