CVE-2013-3900CISA KEV: Actively Exploited

Microsoft WinVerifyTrust function Remote Code Execution

Published Jan 10, 2022·Updated Jan 10, 2022

Description

A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files.

Public Exploits & PoCs9 found

PoC: cve-2013-3900-winverifytrust-mitigation

PowerShell remediation for CVE-2013-3900 (WinVerifyTrust) / Tenable Plugin 166555 using EnableCertPaddingCheck.

PoC: vulnerability-remediation-cve-2013-3900

End-to-end remediation of CVE-2013-3900 using PowerShell and Tenable. Demonstrates vulnerability identification, registry hardening, and automated verification in an Azure environment

PoC: CVE-2013-3900-PowerShell-PoC

CVE PoC

PoC: CVE-2013-3900

CVE-2013-3900 WinVerifyTrust Signature

PoC: CVE-2013-3900_Remediation_PowerShell

Script to make changes on registry to fix CVE-2013-3900. It comes with an option to undo in case it breaks something on your environment.

PoC: WinVerifyTrust

WinVerifyTrust Signature Validation CVE-2013-3900 Mitigation (EnableCertPaddingCheck)

PoC: CVE-2013-3900-WinTrustVerify

Powershell script that checks for cert padding in the Windows Registry and adds it if it does not exist. Meant to resolve the WinTrustVerify Vulnerability.

PoC: Fix-WinVerifyTrustSignatureValidationVuln

Fix WinVerifyTrust Signature Validation Vulnerability, CVE-2013-3900, QID-378332

PoC: vulnerability-CVE-2013-3900

Remediation for CVE-2013-3900

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free