CVE-2020-0601
In short
Windows CryptoAPI fails to properly validate ECC certificates, allowing attackers to create fake certificates that appear legitimate. This lets malicious code appear to come from trusted sources, tricking users and systems into running it.
Technical detail
CryptoAPI (Crypt32.dll) improperly validates Elliptic Curve Cryptography (ECC) certificates, enabling certificate spoofing. An attacker can craft a code-signing certificate that passes the validation checks, allowing unsigned or maliciously signed executables to appear as legitimately signed software from trusted publishers.
Summary generated and translated by AI from the official description.
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Affected products
Microsoft · Windows
Microsoft · Windows 10 Version 1903 for 32-bit Systems
Microsoft · Windows 10 Version 1903 for ARM64-based Systems
Microsoft · Windows 10 Version 1903 for x64-based Systems
Microsoft · Windows 10 Version 1909 for 32-bit Systems
Microsoft · Windows 10 Version 1909 for ARM64-based Systems
Microsoft · Windows 10 Version 1909 for x64-based Systems
Microsoft · Windows Server
Microsoft · Windows Server, version 1903 (Server Core installation)
Microsoft · Windows Server, version 1909 (Server Core installation)
Public PoCs found (38)
github.com/ly4k/CurveBall (★ 888)
github.com/kudelskisecurity/chainoffools (★ 335)
github.com/gentilkiwi/curveball (★ 78)
github.com/saleemrashid/badecparams (★ 66)
github.com/0xxon/cve-2020-0601 (★ 35)
github.com/eastmountyxz/CVE-2020-0601-EXP (★ 30)
github.com/ioncodes/Curveball (★ 20)
github.com/0xxon/cve-2020-0601-plugin (★ 5)
github.com/RrUZi/Awesome-CVE-2020-0601 (★ 5)
github.com/IIICTECH/-CVE-2020-0601-ECC---EXPLOIT (★ 3)
github.com/nissan-sudo/CVE-2020-0601 (★ 2)
github.com/gremwell/cve-2020-0601_poc (★ 2)
github.com/YoannDqr/CVE-2020-0601 (★ 2)
github.com/BlueTeamSteve/CVE-2020-0601 (★ 1)
github.com/amlweems/gringotts (★ 1)
github.com/yanghaoi/CVE-2020-0601 (★ 1)
github.com/talbeerysec/CurveBallDetection (★ 1)
github.com/eastmountyxz/CVE-2018-20250-WinRAR (★ 1)
github.com/Hans-MartinHannibalLauridsen/CurveBall (★ 1)
github.com/Doug-Moody/Windows10_Cumulative_Updates_PowerShell (★ 1)
github.com/SherlockSec/CVE-2020-0601 (★ 1)
github.com/ShayNehmad/twoplustwo (★ 0)
github.com/JPurrier/CVE-2020-0601 (★ 0)
github.com/0xxon/cve-2020-0601-utils (★ 0)
github.com/MarkusZehnle/CVE-2020-0601 (★ 0)
github.com/thimelp/cve-2020-0601-Perl (★ 0)
github.com/dlee35/curveball_lua (★ 0)
github.com/Ash112121/CVE-2020-0601 (★ 0)
github.com/apodlosky/PoC_CurveBall (★ 0)
github.com/CrackerCat/CurveballCertTool (★ 0)
github.com/tyj956413282/curveball-plus (★ 0)
github.com/JoelBts/CVE-2020-0601_PoC (★ 0)
github.com/exploitblizzard/CVE-2020-0601-spoofkey (★ 0)
github.com/bsides-rijeka/meetup-2-curveball (★ 0)
github.com/okanulkr/CurveBall-CVE-2020-0601-PoC (★ 0)
packetstormsecurity.com/files/155961/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html (CVE reference, unverified)
www.exploit-db.com/exploits/47933 (Exploit-DB, unverified)
packetstormsecurity.com/files/155960/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html (CVE reference, unverified)
References
http://packetstormsecurity.com/files/155960/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html
http://packetstormsecurity.com/files/155961/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0601