Upstream information
Description
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having critical severity.
SUSE Bugzilla entry: 1160989 [RESOLVED / INVALID] No SUSE Security Announcements cross referenced.SUSE Timeline for this CVE
CVE page created: Wed Jan 15 05:28:57 2020CVE page last modified: Mon Sep 9 15:42:44 2024