VYPR
Unrated severityNVD Advisory· Published Aug 14, 2019· Updated Aug 4, 2024

Windows File Signature Security Feature Bypass Vulnerability

CVE-2019-1163

Description

A security feature bypass exists when Windows incorrectly validates CAB file signatures. An attacker who successfully exploited this vulnerability could inject code into a CAB file without invalidating the file's signature. To exploit the vulnerability, an attacker could modify a signed CAB file and inject malicious code. The attacker could then convince a target user to execute the file. The update addresses the vulnerability by correcting how Windows validates file signatures.

Affected products

9
  • cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*+ 3 more
    • cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*range: 10.0.0
    • cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*range: 10.0.0
    • cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*range: 10.0.0
    • cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*range: 10.0.0
  • cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*
    Range: 10.0.0
  • cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*+ 1 more
    • cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*range: 10.0.0
    • cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*range: 10.0.0
  • cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
    Range: 10.0.0
  • cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
    Range: 10.0.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.