cve/2020/CVE-2020-0601.md

### [CVE-2020-0601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0601)
![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201903%20for%2032-bit%20Systems&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201903%20for%20ARM64-based%20Systems&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201903%20for%20x64-based%20Systems&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201909%20for%2032-bit%20Systems&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201909%20for%20ARM64-based%20Systems&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201909%20for%20x64-based%20Systems&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%2C%20version%201903%20(Server%20Core%20installation)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%2C%20version%201909%20(Server%20Core%20installation)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Spoofing&color=brighgreen)

### Description

A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.

### POC

#### Reference
- http://packetstormsecurity.com/files/155960/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html
- http://packetstormsecurity.com/files/155961/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html

#### Github
- https://github.com/0day404/vulnerability-poc
- https://github.com/0xT11/CVE-POC
- https://github.com/0xxon/cve-2020-0601
- https://github.com/0xxon/cve-2020-0601-plugin
- https://github.com/0xxon/cve-2020-0601-utils
- https://github.com/20142995/sectool
- https://github.com/3th1c4l-t0n1/EnableWindowsLogSettings
- https://github.com/5l1v3r1/CVE-2020-0606
- https://github.com/84KaliPleXon3/ctf-katana
- https://github.com/ARPSyndicate/cvemon
- https://github.com/AWimpyNiNjA/Powershell
- https://github.com/AdavVegab/PoC-Curveball
- https://github.com/AmitNiz/exploits
- https://github.com/ArrestX/--POC
- https://github.com/Ash112121/CVE-2020-0601
- https://github.com/BlueTeamSteve/CVE-2020-0601
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/CheatBreaker/Security-Advisory
- https://github.com/CnHack3r/Penetration_PoC
- https://github.com/DipeshGarg/Shell-Scripts
- https://github.com/Doug-Moody/Windows10_Cumulative_Updates_PowerShell
- https://github.com/EchoGin404/-
- https://github.com/EchoGin404/gongkaishouji
- https://github.com/ExpLife0011/awesome-windows-kernel-security-development
- https://github.com/FumoNeko/Hashcheck
- https://github.com/GhostTroops/TOP
- https://github.com/Hans-MartinHannibalLauridsen/CurveBall
- https://github.com/IIICTECH/-CVE-2020-0601-ECC---EXPLOIT
- https://github.com/InQuest/yara-rules
- https://github.com/Information-Warfare-Center/CSI-SIEM
- https://github.com/JERRY123S/all-poc
- https://github.com/JPurrier/CVE-2020-0601
- https://github.com/JoelBts/CVE-2020-0601_PoC
- https://github.com/JohnHammond/ctf-katana
- https://github.com/KayCHENvip/vulnerability-poc
- https://github.com/MarkusZehnle/CVE-2020-0601
- https://github.com/Miraitowa70/POC-Notes
- https://github.com/Mr-xn/Penetration_Testing_POC
- https://github.com/Ondrik8/exploit
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/RrUZi/Awesome-CVE-2020-0601
- https://github.com/SexyBeast233/SecBooks
- https://github.com/ShayNehmad/twoplustwo
- https://github.com/SherlockSec/CVE-2020-0601
- https://github.com/Threekiii/Awesome-POC
- https://github.com/TrojanAZhen/Self_Back
- https://github.com/Tyro-Shan/gongkaishouji
- https://github.com/XTeam-Wing/RedTeaming2020
- https://github.com/YIXINSHUWU/Penetration_Testing_POC
- https://github.com/Yamato-Security/EnableWindowsLogSettings
- https://github.com/YoannDqr/CVE-2020-0601
- https://github.com/YojimboSecurity/YojimboSecurity
- https://github.com/YojimboSecurity/chainoffools
- https://github.com/ZTK-009/Penetration_PoC
- https://github.com/amlweems/gringotts
- https://github.com/apmunch/CVE-2020-0601
- https://github.com/apodlosky/PoC_CurveBall
- https://github.com/aymankhder/ctf_solver
- https://github.com/bsides-rijeka/meetup-2-curveball
- https://github.com/cimashiro/-Awesome-CVE-2020-0601-
- https://github.com/cisagov/Malcolm
- https://github.com/cyberanand1337x/bug-bounty-2022
- https://github.com/d4n-sec/d4n-sec.github.io
- https://github.com/david4599/CurveballCertTool
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/dlee35/curveball_lua
- https://github.com/eastmountyxz/CSDNBlog-Security-Based
- https://github.com/eastmountyxz/CVE-2018-20250-WinRAR
- https://github.com/eastmountyxz/CVE-2020-0601-EXP
- https://github.com/eastmountyxz/NetworkSecuritySelf-study
- https://github.com/eastmountyxz/SystemSecurity-ReverseAnalysis
- https://github.com/exploitblizzard/CVE-2020-0601-spoofkey
- https://github.com/gentilkiwi/curveball
- https://github.com/githuberxu/Safety-Books
- https://github.com/gremwell/cve-2020-0601_poc
- https://github.com/gremwell/qsslcaudit
- https://github.com/gremwell/qsslcaudit-pkg-deb
- https://github.com/hackerhouse-opensource/exploits
- https://github.com/hasee2018/Penetration_Testing_POC
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/hktalent/TOP
- https://github.com/huike007/penetration_poc
- https://github.com/huike007/poc
- https://github.com/huynhvanphuc/EnableWindowsLogSettings
- https://github.com/hwiwonl/dayone
- https://github.com/ioncodes/Curveball
- https://github.com/ioncodes/ioncodes
- https://github.com/jbmihoub/all-poc
- https://github.com/kerk1/WarfareCenter-CSI-SIEM
- https://github.com/kudelskisecurity/chainoffools
- https://github.com/kudelskisecurity/northsec_crypto_api_attacks
- https://github.com/lions2012/Penetration_Testing_POC
- https://github.com/lnick2023/nicenice
- https://github.com/ly4k/CurveBall
- https://github.com/mmguero-dev/Malcolm-PCAP
- https://github.com/modubyk/CVE_2020_0601
- https://github.com/mvlnetdev/zeek_detection_script_collection
- https://github.com/nissan-sudo/CVE-2020-0601
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/okanulkr/CurveBall-CVE-2020-0601-PoC
- https://github.com/password520/Penetration_PoC
- https://github.com/pentration/gongkaishouji
- https://github.com/pravinsrc/NOTES-windows-kernel-links
- https://github.com/qazbnm456/awesome-cve-poc
- https://github.com/robmichel2854/robs-links
- https://github.com/s1lver-lining/Starlight
- https://github.com/saleemrashid/badecparams
- https://github.com/shengshengli/NetworkSecuritySelf-study
- https://github.com/soosmile/POC
- https://github.com/sourcx/zeekweek-2021
- https://github.com/supermandw2018/SystemSecurity-ReverseAnalysis
- https://github.com/talbeerysec/CurveBallDetection
- https://github.com/thimelp/cve-2020-0601-Perl
- https://github.com/tobor88/PowerShell-Blue-Team
- https://github.com/tyj956413282/curveball-plus
- https://github.com/ucsb-seclab/DeepCASE-Dataset
- https://github.com/weeka10/-hktalent-TOP
- https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-
- https://github.com/xbl3/awesome-cve-poc_qazbnm456
- https://github.com/xuetusummer/Penetration_Testing_POC
- https://github.com/yanghaoi/CVE-2020-0601
- https://github.com/yedada-wei/-
- https://github.com/yedada-wei/gongkaishouji
- https://github.com/yshneyderman/CS590J-Capstone
- https://github.com/ztora/msvuln
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2020-0601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0601)`
			`![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201903%20for%2032-bit%20Systems&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201903%20for%20ARM64-based%20Systems&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201903%20for%20x64-based%20Systems&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201909%20for%2032-bit%20Systems&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201909%20for%20ARM64-based%20Systems&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201909%20for%20x64-based%20Systems&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%2C%20version%201903%20(Server%20Core%20installation)&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%2C%20version%201909%20(Server%20Core%20installation)&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Windows&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Spoofing&color=brighgreen)`

			`### Description`

			`A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.`

			`### POC`

			`#### Reference`
			`- http://packetstormsecurity.com/files/155960/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html`
			`- http://packetstormsecurity.com/files/155961/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html`

			`#### Github`
			`- https://github.com/0day404/vulnerability-poc`
			`- https://github.com/0xT11/CVE-POC`
			`- https://github.com/0xxon/cve-2020-0601`
			`- https://github.com/0xxon/cve-2020-0601-plugin`
			`- https://github.com/0xxon/cve-2020-0601-utils`
			`- https://github.com/20142995/sectool`
			`- https://github.com/3th1c4l-t0n1/EnableWindowsLogSettings`
			`- https://github.com/5l1v3r1/CVE-2020-0606`
			`- https://github.com/84KaliPleXon3/ctf-katana`
			`- https://github.com/ARPSyndicate/cvemon`
			`- https://github.com/AWimpyNiNjA/Powershell`
			`- https://github.com/AdavVegab/PoC-Curveball`
			`- https://github.com/AmitNiz/exploits`
			`- https://github.com/ArrestX/--POC`
			`- https://github.com/Ash112121/CVE-2020-0601`
			`- https://github.com/BlueTeamSteve/CVE-2020-0601`
			`- https://github.com/CVEDB/PoC-List`
			`- https://github.com/CVEDB/awesome-cve-repo`
			`- https://github.com/CVEDB/top`
			`- https://github.com/CheatBreaker/Security-Advisory`
			`- https://github.com/CnHack3r/Penetration_PoC`
			`- https://github.com/DipeshGarg/Shell-Scripts`
			`- https://github.com/Doug-Moody/Windows10_Cumulative_Updates_PowerShell`
			`- https://github.com/EchoGin404/-`
			`- https://github.com/EchoGin404/gongkaishouji`
			`- https://github.com/ExpLife0011/awesome-windows-kernel-security-development`
			`- https://github.com/FumoNeko/Hashcheck`
			`- https://github.com/GhostTroops/TOP`
			`- https://github.com/Hans-MartinHannibalLauridsen/CurveBall`
			`- https://github.com/IIICTECH/-CVE-2020-0601-ECC---EXPLOIT`
			`- https://github.com/InQuest/yara-rules`
			`- https://github.com/Information-Warfare-Center/CSI-SIEM`
			`- https://github.com/JERRY123S/all-poc`
			`- https://github.com/JPurrier/CVE-2020-0601`
			`- https://github.com/JoelBts/CVE-2020-0601_PoC`
			`- https://github.com/JohnHammond/ctf-katana`
			`- https://github.com/KayCHENvip/vulnerability-poc`
			`- https://github.com/MarkusZehnle/CVE-2020-0601`
			`- https://github.com/Miraitowa70/POC-Notes`
			`- https://github.com/Mr-xn/Penetration_Testing_POC`
			`- https://github.com/Ondrik8/exploit`
			`- https://github.com/Ostorlab/KEV`
			`- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors`
			`- https://github.com/RrUZi/Awesome-CVE-2020-0601`
			`- https://github.com/SexyBeast233/SecBooks`
			`- https://github.com/ShayNehmad/twoplustwo`
			`- https://github.com/SherlockSec/CVE-2020-0601`
			`- https://github.com/Threekiii/Awesome-POC`
Update CVE sources 2024-07-25 21:25 2024-07-25 21:25:12 +00:00			`- https://github.com/TrojanAZhen/Self_Back`
Update CVE sources 2024-06-07 04:52 2024-06-07 04:52:01 +00:00			`- https://github.com/Tyro-Shan/gongkaishouji`
Update CVE sources 2024-06-08 09:32 2024-06-08 09:32:58 +00:00			`- https://github.com/XTeam-Wing/RedTeaming2020`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/YIXINSHUWU/Penetration_Testing_POC`
			`- https://github.com/Yamato-Security/EnableWindowsLogSettings`
			`- https://github.com/YoannDqr/CVE-2020-0601`
			`- https://github.com/YojimboSecurity/YojimboSecurity`
			`- https://github.com/YojimboSecurity/chainoffools`
Update Mon May 27 13:12:02 UTC 2024 2024-05-27 13:12:02 +00:00			`- https://github.com/ZTK-009/Penetration_PoC`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/amlweems/gringotts`
			`- https://github.com/apmunch/CVE-2020-0601`
			`- https://github.com/apodlosky/PoC_CurveBall`
			`- https://github.com/aymankhder/ctf_solver`
			`- https://github.com/bsides-rijeka/meetup-2-curveball`
			`- https://github.com/cimashiro/-Awesome-CVE-2020-0601-`
			`- https://github.com/cisagov/Malcolm`
			`- https://github.com/cyberanand1337x/bug-bounty-2022`
			`- https://github.com/d4n-sec/d4n-sec.github.io`
			`- https://github.com/david4599/CurveballCertTool`
			`- https://github.com/developer3000S/PoC-in-GitHub`
			`- https://github.com/dlee35/curveball_lua`
			`- https://github.com/eastmountyxz/CSDNBlog-Security-Based`
			`- https://github.com/eastmountyxz/CVE-2018-20250-WinRAR`
			`- https://github.com/eastmountyxz/CVE-2020-0601-EXP`
			`- https://github.com/eastmountyxz/NetworkSecuritySelf-study`
			`- https://github.com/eastmountyxz/SystemSecurity-ReverseAnalysis`
			`- https://github.com/exploitblizzard/CVE-2020-0601-spoofkey`
			`- https://github.com/gentilkiwi/curveball`
			`- https://github.com/githuberxu/Safety-Books`
			`- https://github.com/gremwell/cve-2020-0601_poc`
			`- https://github.com/gremwell/qsslcaudit`
			`- https://github.com/gremwell/qsslcaudit-pkg-deb`
			`- https://github.com/hackerhouse-opensource/exploits`
			`- https://github.com/hasee2018/Penetration_Testing_POC`
			`- https://github.com/hectorgie/PoC-in-GitHub`
			`- https://github.com/hktalent/TOP`
			`- https://github.com/huike007/penetration_poc`
			`- https://github.com/huike007/poc`
			`- https://github.com/huynhvanphuc/EnableWindowsLogSettings`
			`- https://github.com/hwiwonl/dayone`
			`- https://github.com/ioncodes/Curveball`
			`- https://github.com/ioncodes/ioncodes`
			`- https://github.com/jbmihoub/all-poc`
			`- https://github.com/kerk1/WarfareCenter-CSI-SIEM`
			`- https://github.com/kudelskisecurity/chainoffools`
			`- https://github.com/kudelskisecurity/northsec_crypto_api_attacks`
			`- https://github.com/lions2012/Penetration_Testing_POC`
			`- https://github.com/lnick2023/nicenice`
			`- https://github.com/ly4k/CurveBall`
			`- https://github.com/mmguero-dev/Malcolm-PCAP`
			`- https://github.com/modubyk/CVE_2020_0601`
			`- https://github.com/mvlnetdev/zeek_detection_script_collection`
			`- https://github.com/nissan-sudo/CVE-2020-0601`
			`- https://github.com/nomi-sec/PoC-in-GitHub`
			`- https://github.com/okanulkr/CurveBall-CVE-2020-0601-PoC`
			`- https://github.com/password520/Penetration_PoC`
Update CVE sources 2024-08-12 19:01 2024-08-12 19:01:27 +00:00			`- https://github.com/pentration/gongkaishouji`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/pravinsrc/NOTES-windows-kernel-links`
			`- https://github.com/qazbnm456/awesome-cve-poc`
			`- https://github.com/robmichel2854/robs-links`
			`- https://github.com/s1lver-lining/Starlight`
			`- https://github.com/saleemrashid/badecparams`
			`- https://github.com/shengshengli/NetworkSecuritySelf-study`
			`- https://github.com/soosmile/POC`
			`- https://github.com/sourcx/zeekweek-2021`
			`- https://github.com/supermandw2018/SystemSecurity-ReverseAnalysis`
			`- https://github.com/talbeerysec/CurveBallDetection`
			`- https://github.com/thimelp/cve-2020-0601-Perl`
			`- https://github.com/tobor88/PowerShell-Blue-Team`
			`- https://github.com/tyj956413282/curveball-plus`
			`- https://github.com/ucsb-seclab/DeepCASE-Dataset`
			`- https://github.com/weeka10/-hktalent-TOP`
			`- https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-`
			`- https://github.com/xbl3/awesome-cve-poc_qazbnm456`
			`- https://github.com/xuetusummer/Penetration_Testing_POC`
			`- https://github.com/yanghaoi/CVE-2020-0601`
			`- https://github.com/yedada-wei/-`
			`- https://github.com/yedada-wei/gongkaishouji`
			`- https://github.com/yshneyderman/CS590J-Capstone`
			`- https://github.com/ztora/msvuln`