Test ID:	1.3.6.1.4.1.25623.1.0.902669
Category:	Windows : Microsoft Bulletins
Title:	Windows Authenticode Signature Remote Code Execution Vulnerability (2653956)
Summary:	This host is missing a critical security update according to; Microsoft Bulletin MS12-024.
Description:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS12-024. Vulnerability Insight: The flaw is due to the way Windows Authenticode Signature Verification function verifies portable executable (PE) files, which can be exploited to add malicious code to the file without invalidating the signature. Vulnerability Impact: Successful exploitation could allow remote attackers to execute arbitrary code as the logged-on user. Affected Software/OS: - Microsoft Windows 7 Service Pack 1 and prior - Microsoft Windows XP Service Pack 3 and prior - Microsoft Windows 2003 Service Pack 2 and prior - Microsoft Windows Vista Service Pack 2 and prior - Microsoft Windows Server 2008 Service Pack 2 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0151 Cert/CC Advisory: TA12-101A http://www.us-cert.gov/cas/techalerts/TA12-101A.html Microsoft Security Bulletin: MS12-024 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-024 http://osvdb.org/81135 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15594 http://www.securitytracker.com/id?1026906 http://secunia.com/advisories/48581
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.