CVE-2013-3900 (CNNVD-201312-181)
MEDIUM
中文标题:
Microsoft Windows 数据伪造问题漏洞
英文标题:
WinVerifyTrust Signature Validation Vulnerability
CVSS分数:
5.5
发布时间:
2013-12-11 00:00:00
漏洞类型:
授权问题
状态:
PUBLISHED
数据质量分数:
0.30
数据版本:
v3
漏洞描述
中文描述:
Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统。 Microsoft Windows存在数据伪造问题漏洞。攻击者可以通过修改经过签名的现有可执行文件以利用文件的未验证部分来利用此漏洞,从而向文件添加恶意代码,而无需使签名无效。成功利用此漏洞的攻击者可以完全控制受影响的系统。攻击者可随后安装程序;查看、更改或删除数据;或者创建拥有完全用户权限的新帐户。以下软件受到影响:Microsoft Windows XP SP2、SP3,Windows Server 2003 SP2,Windows Vista SP2,Windows Server 2008 SP2 、R2 SP1,Windows 7 SP1,Windows 8,Windows 8.1,Windows Server 2012和Windows Server 2012 R2Windows RT和Windows RT 8.1。
英文描述:
NOT_EXTRACTED
CWE类型:
CWE-347
标签:
(暂无数据)
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Microsoft | Windows 10 Version 1809 | N/A | - | - |
cpe:2.3:a:microsoft:windows_10_version_1809:n_a:*:*:*:*:*:*:*
|
| Microsoft | Windows Server 2019 | N/A | - | - |
cpe:2.3:a:microsoft:windows_server_2019:n_a:*:*:*:*:*:*:*
|
| Microsoft | Windows Server 2019 (Server Core installation) | N/A | - | - |
cpe:2.3:a:microsoft:windows_server_2019_(server_core_installation):n_a:*:*:*:*:*:*:*
|
| Microsoft | Windows Server 2022 | N/A | - | - |
cpe:2.3:a:microsoft:windows_server_2022:n_a:*:*:*:*:*:*:*
|
| Microsoft | Windows 11 version 21H2 | N/A | - | - |
cpe:2.3:a:microsoft:windows_11_version_21h2:n_a:*:*:*:*:*:*:*
|
| Microsoft | Windows 10 Version 21H2 | N/A | - | - |
cpe:2.3:a:microsoft:windows_10_version_21h2:n_a:*:*:*:*:*:*:*
|
| Microsoft | Windows 11 version 22H2 | N/A | - | - |
cpe:2.3:a:microsoft:windows_11_version_22h2:n_a:*:*:*:*:*:*:*
|
| Microsoft | Windows 10 Version 22H2 | N/A | - | - |
cpe:2.3:a:microsoft:windows_10_version_22h2:n_a:*:*:*:*:*:*:*
|
| Microsoft | Windows Server 2025 (Server Core installation) | N/A | - | - |
cpe:2.3:a:microsoft:windows_server_2025_(server_core_installation):n_a:*:*:*:*:*:*:*
|
| Microsoft | Windows 11 version 22H3 | N/A | - | - |
cpe:2.3:a:microsoft:windows_11_version_22h3:n_a:*:*:*:*:*:*:*
|
| Microsoft | Windows 11 Version 23H2 | N/A | - | - |
cpe:2.3:a:microsoft:windows_11_version_23h2:n_a:*:*:*:*:*:*:*
|
| Microsoft | Windows Server 2022, 23H2 Edition (Server Core installation) | N/A | - | - |
cpe:2.3:a:microsoft:windows_server_2022,_23h2_edition_(server_core_installation):n_a:*:*:*:*:*:*:*
|
| Microsoft | Windows 11 Version 24H2 | N/A | - | - |
cpe:2.3:a:microsoft:windows_11_version_24h2:n_a:*:*:*:*:*:*:*
|
| Microsoft | Windows Server 2025 | N/A | - | - |
cpe:2.3:a:microsoft:windows_server_2025:n_a:*:*:*:*:*:*:*
|
| Microsoft | Windows 10 Version 1507 | N/A | - | - |
cpe:2.3:a:microsoft:windows_10_version_1507:n_a:*:*:*:*:*:*:*
|
| Microsoft | Windows 10 Version 1607 | N/A | - | - |
cpe:2.3:a:microsoft:windows_10_version_1607:n_a:*:*:*:*:*:*:*
|
| Microsoft | Windows Server 2016 | N/A | - | - |
cpe:2.3:a:microsoft:windows_server_2016:n_a:*:*:*:*:*:*:*
|
| Microsoft | Windows Server 2016 (Server Core installation) | N/A | - | - |
cpe:2.3:a:microsoft:windows_server_2016_(server_core_installation):n_a:*:*:*:*:*:*:*
|
| Microsoft | Windows Server 2008 Service Pack 2 | N/A | - | - |
cpe:2.3:a:microsoft:windows_server_2008_service_pack_2:n_a:*:*:*:*:*:*:*
|
| Microsoft | Windows Server 2008 Service Pack 2 (Server Core installation) | N/A | - | - |
cpe:2.3:a:microsoft:windows_server_2008_service_pack_2_(server_core_installation):n_a:*:*:*:*:*:*:*
|
| Microsoft | Windows Server 2008 Service Pack 2 | N/A | - | - |
cpe:2.3:a:microsoft:windows_server_2008__service_pack_2:n_a:*:*:*:*:*:*:*
|
| Microsoft | Windows Server 2008 R2 Service Pack 1 | N/A | - | - |
cpe:2.3:a:microsoft:windows_server_2008_r2_service_pack_1:n_a:*:*:*:*:*:*:*
|
| Microsoft | Windows Server 2008 R2 Service Pack 1 (Server Core installation) | N/A | - | - |
cpe:2.3:a:microsoft:windows_server_2008_r2_service_pack_1_(server_core_installation):n_a:*:*:*:*:*:*:*
|
| Microsoft | Windows Server 2012 | N/A | - | - |
cpe:2.3:a:microsoft:windows_server_2012:n_a:*:*:*:*:*:*:*
|
| Microsoft | Windows Server 2012 (Server Core installation) | N/A | - | - |
cpe:2.3:a:microsoft:windows_server_2012_(server_core_installation):n_a:*:*:*:*:*:*:*
|
| Microsoft | Windows Server 2012 R2 | N/A | - | - |
cpe:2.3:a:microsoft:windows_server_2012_r2:n_a:*:*:*:*:*:*:*
|
| Microsoft | Windows Server 2012 R2 (Server Core installation) | N/A | - | - |
cpe:2.3:a:microsoft:windows_server_2012_r2_(server_core_installation):n_a:*:*:*:*:*:*:*
|
| microsoft | windows_10_1507 | - | - | - |
cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:*
|
| microsoft | windows_10_1607 | - | - | - |
cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*
|
| microsoft | windows_10_1809 | - | - | - |
cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:arm64:*
|
| microsoft | windows_10_1909 | - | - | - |
cpe:2.3:o:microsoft:windows_10_1909:-:*:*:*:*:*:*:*
|
| microsoft | windows_10_20h2 | - | - | - |
cpe:2.3:o:microsoft:windows_10_20h2:-:*:*:*:*:*:*:*
|
| microsoft | windows_10_21h1 | - | - | - |
cpe:2.3:o:microsoft:windows_10_21h1:-:*:*:*:*:*:*:*
|
| microsoft | windows_10_21h2 | - | - | - |
cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:*:*
|
| microsoft | windows_10_22h2 | - | - | - |
cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:arm64:*
|
| microsoft | windows_11_21h2 | - | - | - |
cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:arm64:*
|
| microsoft | windows_11_22h2 | - | - | - |
cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:arm64:*
|
| microsoft | windows_11_23h2 | - | - | - |
cpe:2.3:o:microsoft:windows_11_23h2:-:*:*:*:*:*:arm64:*
|
| microsoft | windows_11_24h2 | - | - | - |
cpe:2.3:o:microsoft:windows_11_24h2:-:*:*:*:*:*:arm64:*
|
| microsoft | windows_7 | - | - | - |
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
|
| microsoft | windows_8.1 | - | - | - |
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
|
| microsoft | windows_rt_8.1 | - | - | - |
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
|
| microsoft | windows_server_2008 | - | - | - |
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
|
| microsoft | windows_server_2008 | r2 | - | - |
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
|
| microsoft | windows_server_2012 | - | - | - |
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
|
| microsoft | windows_server_2012 | r2 | - | - |
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
|
| microsoft | windows_server_2016 | - | - | - |
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
|
| microsoft | windows_server_2019 | - | - | - |
cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
|
| microsoft | windows_server_2022 | - | - | - |
cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*
|
| microsoft | windows_server_2022_23h2 | - | - | - |
cpe:2.3:o:microsoft:windows_server_2022_23h2:-:*:*:*:*:*:*:*
|
| microsoft | windows_server_2025 | - | - | - |
cpe:2.3:o:microsoft:windows_server_2025:-:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
CVSS评分详情
3.1 (cna)
MEDIUM
5.5
CVSS向量:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
机密性
NONE
完整性
HIGH
可用性
NONE
时间信息
发布时间:
2013-12-11 00:00:00
修改时间:
2025-10-22 00:05:39
创建时间:
2025-11-11 15:33:36
更新时间:
2025-11-11 15:51:05
利用信息
暂无可利用代码信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2013-3900 |
2025-11-11 15:18:37 | 2025-11-11 07:33:36 |
| NVD | nvd_CVE-2013-3900 |
2025-11-11 14:54:17 | 2025-11-11 07:42:23 |
| CNNVD | cnnvd_CNNVD-201312-181 |
2025-11-11 15:11:56 | 2025-11-11 07:51:05 |
版本与语言
当前版本:
v3
主要语言:
EN
支持语言:
EN
ZH
安全公告
暂无安全公告信息
变更历史
v3
CNNVD
2025-11-11 15:51:05
vulnerability_type: 未提取 → 授权问题; cnnvd_id: 未提取 → CNNVD-201312-181; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
- vulnerability_type: 未提取 -> 授权问题
- cnnvd_id: 未提取 -> CNNVD-201312-181
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2
NVD
2025-11-11 15:42:23
affected_products_count: 28 → 51; references_count: 1 → 4; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
- affected_products_count: 28 -> 51
- references_count: 1 -> 4
- data_sources: ['cve'] -> ['cve', 'nvd']