MS13-098: Vulnerability in Windows Could Allow Remote Code Execution (2893294)

This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.

Synopsis :

The remote host is affected by a remote code execution

Description :

The remote host contains a version of Microsoft Windows that is
affected by a remote code execution vulnerability. The vulnerability
exists in the method in which the WinVerifyTrust function deals with
Windows Authenticode signature verification for portable executable
files. An attacker could modify an existing signed executable to add
malicious code without invalidating the signature. An attacker could
then convince a user to run this signed executable and gain complete
control of the system.

See also :

Solution :

Microsoft has released a set of patches for Windows XP, 2003, Vista,
2008, 7, 2008 R2, 8, 2012, 8.1 and 2012 R2.

Risk factor :

High / CVSS Base Score : 7.6
CVSS Temporal Score : 6.6
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 71313 ()

Bugtraq ID: 64079

CVE ID: CVE-2013-3900

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now