CVE-2012-0151 - Vulnerability Details

The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability."

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is in the KEV database since June 8, 2022.

Exploitation active

Automatable no

Technical Impact total

Vendors	Products
Microsoft	Windows 7 Windows Server 2003 Windows Server 2008 Windows Vista Windows Xp

Configuration 1 [-]

OR	cpe:2.3:o:microsoft:windows_7:-:sp1:::::x64:*
	cpe:2.3:o:microsoft:windows_7:-:sp1:::::x86:*
	cpe:2.3:o:microsoft:windows_server_2003:-:sp2::::::
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2:::::itanium:*
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2:::::x64:*
	cpe:2.3:o:microsoft:windows_server_2008:r2::::::itanium:
	cpe:2.3:o:microsoft:windows_server_2008:r2::::::x64:
	cpe:2.3:o:microsoft:windows_vista:-:sp2::::::
	cpe:2.3:o:microsoft:windows_xp:-:sp2:::::x64:*
	cpe:2.3:o:microsoft:windows_xp:-:sp3::::::

Configuration 2 [-]

OR	cpe:2.3:o:microsoft:windows_7:-:sp1::::::
	cpe:2.3:o:microsoft:windows_server_2003:-:sp2::::::
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2::::::
	cpe:2.3:o:microsoft:windows_server_2008:r2:::::::*
	cpe:2.3:o:microsoft:windows_server_2008:r2:sp1::::::
	cpe:2.3:o:microsoft:windows_vista:-:sp2::::::
	cpe:2.3:o:microsoft:windows_xp:-:sp2:::professional::x64:
	cpe:2.3:o:microsoft:windows_xp:-:sp3::::::

No data.

References

Link	Providers
http://osvdb.org/81135
http://secunia.com/advisories/48581
http://www.securitytracker.com/id?1026906
http://www.us-cert.gov/cas/techalerts/TA12-101A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-024
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15594
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-0151

History

Wed, 22 Apr 2026 10:45:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:o:microsoft:windows_7::sp1:x64::::: cpe:2.3:o:microsoft:windows_7::sp1:x86::::: cpe:2.3:o:microsoft:windows_server_2003::sp2::::::* cpe:2.3:o:microsoft:windows_server_2008::sp2:itanium::::: cpe:2.3:o:microsoft:windows_server_2008::sp2:x64::::: cpe:2.3:o:microsoft:windows_server_2008::sp2:x86::::: cpe:2.3:o:microsoft:windows_server_2008:r2::itanium::::: cpe:2.3:o:microsoft:windows_server_2008:r2::x64::::: cpe:2.3:o:microsoft:windows_vista::sp2::::::* cpe:2.3:o:microsoft:windows_xp::sp3::::::* cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:::::*	cpe:2.3:o:microsoft:windows_7:-:sp1:::::x64:* cpe:2.3:o:microsoft:windows_7:-:sp1:::::x86:* cpe:2.3:o:microsoft:windows_server_2008:-:sp2:::::itanium:* cpe:2.3:o:microsoft:windows_server_2008:-:sp2:::::x64:* cpe:2.3:o:microsoft:windows_server_2008:r2::::::itanium: cpe:2.3:o:microsoft:windows_server_2008:r2::::::x64: cpe:2.3:o:microsoft:windows_xp:-:sp2:::::x64:*

Wed, 22 Oct 2025 01:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-0151

Tue, 21 Oct 2025 20:30:00 +0000

Type	Values Removed	Values Added
References	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-0151

Tue, 21 Oct 2025 19:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-0151

Mon, 14 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.8789}`	epss `{'score': 0.88546}`

Sat, 12 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.88523}`	epss `{'score': 0.8789}`

Tue, 04 Feb 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2022-06-08'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2012-04-10T21:00:00.000Z

Updated: 2025-10-22T00:05:48.035Z

Reserved: 2011-12-13T00:00:00.000Z

Link: CVE-2012-0151

Vulnrichment

Updated: 2024-08-06T18:16:19.086Z

NVD

Status : Analyzed

Published: 2012-04-10T21:55:01.597

Modified: 2026-04-22T10:36:08.693

Link: CVE-2012-0151

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation active

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object