8.1 / 10

A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.

Weakness: Improper Certificate Validation

The software does not validate, or incorrectly validates, a certificate.

Published: 2020-01-14

Vulnerable Products

Community Advisory

Improve Advisory

CVE-2020-0601 Exploits (34)

Show all exploits (+24):

Official CVE References

View references (3)