Security Advisory

CVE-2020-0601

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-01-14 23:11:20

Last updated 2025-10-21 23:35:53

Assigner microsoft

State PUBLISHED

Description

A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka Windows CryptoAPI Spoofing Vulnerability.

← Browse all CVEs View on cve.org ↗