A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Golang |
|
| Microsoft |
|
Configuration 1 [-]
|
Configuration 2 [-]
| AND |
|
No data.
References
History
Thu, 10 Apr 2025 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Microsoft windows 10 1507
Microsoft windows 10 1607 Microsoft windows 10 1709 Microsoft windows 10 1803 Microsoft windows 10 1809 Microsoft windows 10 1903 Microsoft windows 10 1909 Microsoft windows Server 1803 Microsoft windows Server 1903 Microsoft windows Server 1909 |
|
| CPEs | cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:* |
cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:arm64:* cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:arm64:* cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1903:-:*:*:*:*:*:arm64:* cpe:2.3:o:microsoft:windows_10_1903:-:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1903:-:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1909:-:*:*:*:*:*:arm64:* cpe:2.3:o:microsoft:windows_10_1909:-:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1909:-:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_server_1803:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_1903:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_1909:-:*:*:*:*:*:*:* |
| Vendors & Products |
Microsoft windows 10
|
Microsoft windows 10 1507
Microsoft windows 10 1607 Microsoft windows 10 1709 Microsoft windows 10 1803 Microsoft windows 10 1809 Microsoft windows 10 1903 Microsoft windows 10 1909 Microsoft windows Server 1803 Microsoft windows Server 1903 Microsoft windows Server 1909 |
Fri, 07 Feb 2025 16:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
kev
|
MITRE
Status: PUBLISHED
Assigner: microsoft
Published:
Updated: 2025-02-07T15:27:24.883Z
Reserved: 2019-11-04T00:00:00.000Z
Link: CVE-2020-0601
Vulnrichment
Updated: 2024-08-04T06:11:04.613Z
NVD
Status : Analyzed
Published: 2020-01-14T23:15:30.207
Modified: 2025-04-10T16:54:50.000
Link: CVE-2020-0601
Redhat
No data.