CVE-2020-0601
PUBLISHED
KEV
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.
EPSS 94.09% · 99.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | golang | 1.12.0, 1.13.0 |
Exploit Intelligence
- This resource is the author's reproduction of the Microsoft signing-certificate vulnerability CVE-2020-0601, implemented with the help of related resources and articles. Readers are encouraged to use it together with the author's blog to reproduce the vulnerability and understand the principle of malware auto-start hijacking. As a network security beginner, I am certainly still a novice, but I hope to keep at it. Let's keep going together! (github-poc-repo)
- exploitblizzard/CVE-2020-0601-spoofkey (github-poc-repo)
…and 417 more exploits
Timeline
- May 23, 2014 PoC Published
- Jan 14, 2020 CVE Published
- Jan 16, 2020 PoC Published
- Jan 21, 2020 PoC Published
- Jun 26, 2020 PoC Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Nov 3, 2021 CISA KEV Added
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
References
- http://packetstormsecurity.com/files/155960/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html url
- http://packetstormsecurity.com/files/155961/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html url
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601 url
- https://nvd.nist.gov/vuln/detail/CVE-2020-0601 url
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0601 url
- Vulnerability in Microsoft Windows advisory