{"vulnerability": "CVE-2013-3900", "sightings": [{"uuid": "38730907-2d70-4a5f-ac12-5ee508ebf1ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2013-3900", "type": "seen", "source": "MISP/a8009d56-7dab-4b65-a6ee-3caf2773c960", "content": "", "creation_timestamp": "2022-01-05T12:37:10.000000Z"}, {"uuid": "6709716d-ddc1-48e8-bae7-fac49983dd81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2013-3900", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:03.000000Z"}, {"uuid": "d9e282b0-611a-46e8-b1e0-a676918b5761", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2013-3900", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971206", "content": "", "creation_timestamp": "2024-12-24T20:25:52.270140Z"}, {"uuid": "7564f731-ab0d-4db7-a399-d9e4bfec7729", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2013-3900", "type": "seen", "source": "https://bsky.app/profile/windowsperf.bsky.social/post/3lfolpycy5k26", "content": "", "creation_timestamp": "2025-01-14T06:10:45.545508Z"}, {"uuid": "120df040-d15a-4659-9b46-86ad0d5f683e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2013-3900", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:04.000000Z"}, {"uuid": "586ddb6e-d182-438e-a1fb-100697157dfe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2013-3900", "type": "seen", "source": "MISP/a8009d56-7dab-4b65-a6ee-3caf2773c960", "content": "", "creation_timestamp": "2025-11-10T20:41:14.000000Z"}, {"uuid": "3fed8a57-64ff-4ec2-adf5-39637f36f488", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2013-3900", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/9222078e-c0d3-4754-ac1e-69946e0d40d9", "content": "", "creation_timestamp": "2026-02-02T12:28:29.170982Z"}, {"uuid": "6125c9f7-f5ea-4812-a8a5-82467198258c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2013-3900", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=725", "content": "", "creation_timestamp": "2022-01-24T04:00:00.000000Z"}, {"uuid": "f1e09bd2-1fd9-4485-b136-65a2282b4339", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2013-3900", "type": "published-proof-of-concept", "source": "https://t.me/cKure/8191", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 Can you trust a file's digital signature? \ud83e\udd14\nA new #Zloader campaign abuses CVE-2013-3900 for defense evasion.\n\n\ud83d\udd25 HTA content appended to a signed Microsoft DLL, without breaking trust\n\ud83d\udd25 MSHTA used to execute the appended script\n\ud83d\udd25 CVE-2013-3900 still unpatched by default https://t.co/5n1AoS6hsl", "creation_timestamp": "2021-11-23T11:27:03.000000Z"}, {"uuid": "abbc1cb7-06a9-40e5-98c7-69c6c15a4cee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2013-3900", "type": "published-proof-of-concept", "source": "Telegram/rMGPEftinAjzKoR_zE8SBGcQ2vzrHmgR3TCsszmfdrU6i-0", "content": "", "creation_timestamp": "2025-08-18T15:00:06.000000Z"}, {"uuid": "acfa926b-7577-403f-b582-c8e499558216", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2013-3900", "type": "published-proof-of-concept", "source": "Telegram/C3dLOex4qKF8CrF74Ro2jk8I9HmXrLWpS6IVMSsoWA8-ZJQ", "content": "", "creation_timestamp": "2025-08-04T21:00:05.000000Z"}, {"uuid": "c9ba262c-fb05-4793-b597-e2199f43adaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2013-3900", "type": "seen", "source": "https://t.me/arpsyndicate/1061", "content": "#ExploitObserverAlert\n\nCVE-2013-3900\n\nDESCRIPTION: Exploit Observer has 17 entries related to CVE-2013-3900. The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate PE file digests during Authenticode signature verification, which allows remote attackers to execute arbitrary code via a crafted PE file, aka \"WinVerifyTrust Signature Validation Vulnerability.\"\n\nFIRST-EPSS: 0.414100000\nNVD-IS: 10.0\nNVD-ES: 4.9", "creation_timestamp": "2023-12-03T23:47:21.000000Z"}, {"uuid": "d1b90911-0423-4051-ab2b-f4eefa4ce21b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2013-3900", "type": "published-proof-of-concept", "source": "https://t.me/ZeroEthical_Course/586", "content": "SignatureGate\n\nCombat version of HellsGate bypassing AV/EDR/EPP by abusing optional fix CVE-2013-3900\n\nhttps://github.com/florylsk/SignatureGate", "creation_timestamp": "2024-06-22T20:47:52.000000Z"}, {"uuid": "81c92fde-d71b-4ce9-9ea0-7d82d31fa233", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2013-3900", "type": "published-proof-of-concept", "source": "https://t.me/WARLOCK_DARK_ARMY_OFFICIALS/2813", "content": "SignatureGate\n\nCombat version of HellsGate bypassing AV/EDR/EPP by abusing optional fix CVE-2013-3900\n\nhttps://github.com/florylsk/SignatureGate", "creation_timestamp": "2023-07-26T10:06:59.000000Z"}, {"uuid": "12f2cf6e-c4dd-4a08-b197-8316ac2b9b84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2013-3900", "type": "published-proof-of-concept", "source": "Telegram/L244JoNw57CRJMWCPi_ZRxUkTJoBnlOlWfCWqfHHeiICTHY", "content": "", "creation_timestamp": "2025-04-01T05:00:07.000000Z"}, {"uuid": "baf1b076-b85c-4589-8fe1-c8ca1965864e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2013-3900", "type": "published-proof-of-concept", "source": "Telegram/iKE-ifN8C4jbKlxJZm9dPRBcrWriwuOpiCrJGZ4kRda8BQ8", "content": "", "creation_timestamp": "2025-02-24T04:00:07.000000Z"}, {"uuid": "591722b1-8bbc-488b-8101-8536f48b02e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2013-3900", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3080", "content": "30 Tools \ud83d\udd27 \ud83d\udee0\ud83e\ude9b\ud83d\udd28 - Hackers Factory \n\nBREAD\n\nBREAD (BIOS Reverse Engineering & Advanced Debugging) is an 'injectable' real-mode x86 debugger that can debug arbitrary real-mode code (on real HW) from another PC via serial cable.\n\nhttps://github.com/Theldus/bread\n\n#cybersecurity #infosec #reverse\n\n\u200b\u200bGTScan \u2014 The Nmap Scanner for Telco\n\nGTScan relies on using empty TCAP layers as probes to detect listening subsystem numbers (i.e application port numbers like 80 for http, 443 for https but for telecom nodes) on the respective global titles. With this way will be able to map the network and use the results to conduct targeted direct attacks to the respective nodes.\n\nhttps://github.com/SigPloiter/GTScan\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bYAWNING-TITAN\n\nYAWNING-TITAN (YT) is an abstract, graph based cyber-security simulation environment that supports the training of intelligent agents for autonomous cyber operations. YAWNING-TITAN currently only supports defensive autonomous agents who face off against probabilistic red agents.\n\nhttps://github.com/dstl/Yawning-Titan\n\n#cybersecurity #infosec\n\n\u200b\u200bIRCP\n\nA robust information gathering tool for large scale reconnaissance on Internet Relay Chat servers.\n\nhttps://github.com/internet-relay-chat/IRCP\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bTinyCheck\n\nTinyCheck allows you to easily capture network communications from a smartphone or any device which can be associated to a Wi-Fi access point in order to quickly analyze them. This can be used to check if any suspect or malicious communication is outgoing from a smartphone, by using heuristics or specific Indicators of Compromise (IoCs).\n\nhttps://github.com/KasperskyLab/TinyCheck\n\n#cybersecurity #infosec\n\n\u200b\u200bDropSpawn\n\nA #CobaltStrike BOF used to spawn additional Beacons via a relatively unknown method of DLL hijacking. Works x86-x86, x64-x64, and x86-x64/vice versa. Use as an alternative to process injection.\n\nhttps://github.com/Octoberfest7/DropSpawn_BOF\n\n#infosec #pentesting #redteam\n\n\u200b\u200bInstagram-Lookup\n\nThis script allows you to search for an Instagram profile using user ID or retrieve a profile's ID by username. It utilizes the Instagram API to retrieve profile information based on the provided input.\n\nhttps://github.com/AyalX/Instagram-Lookup\n\n#OSINT #recon #infosec\n\n\u200b\u200bScreenshotBOFPlus\n\nTake a screenshot without injection for #CobaltStrike. I only made minor optimizations to the existing code, and made it support the ability to get a complete screenshot when global scaling is initiated on Windows.\n\nhttps://github.com/baiyies/ScreenshotBOFPlus\n\n#infosec #pentesting #redteam\n\n\u200b\u200bBytesafe\n\nSecurity platform that protects organizations from open source software supply chain attacks.\n\nhttps://github.com/bitfront-se/bytesafe-ce\n\n#cybersecurity #infosec\n\n\u200b\u200bSignatureGate\n\nWeaponized version of HellsGate, bypassing AV/EDR/EPPs by abusing opt-in-fix CVE-2013-3900. \n\nhttps://github.com/florylsk/SignatureGate\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bCVE-2023-33829\n\nSCM Manager XSS\n\nhttps://github.com/CKevens/CVE-2023-33829-POC\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bBypassNeo-reGeorg\n\nAnti-kill version Neo-reGeorg.\n\nhttps://github.com/r00tSe7en/BypassNeo-reGeorg\n\n#infosec #pentesting #redteam\n\n\u200b\u200bUTopia\n\nA tool for automatically generating fuzz drivers from unit tests.\n\nhttps://github.com/Samsung/UTopia\n\n#cybersecurity #infosec\n\n\u200b\u200bShellcode PageSplit\n\nSplitting and executing shellcode across multiple pages.\n\nhttps://github.com/x0reaxeax/PageSplit\n\n#infosec #pentesting #redteam\n\n\u200b\u200bCVE-2023-2283\n\nAuthentication bypass vulnerability in libssh, which, under certain conditions, may enable a remote attacker to gain unauthorized access to another user\u2019s account via ssh login.\n\nhttps://github.com/github/securitylab/tree/1786eaae7f90d87ce633c46bbaa0691d2f9bf449/SecurityExploits/libssh/pubkey-auth-bypass-CVE-2023-2283\n\n#cybersecurity #infosec\n\n\u200b\u200bIndoXploit-Shell \n\nhttps://github.com/flux10n/IndoXploit-WebShell\n\n#infosec #pentesting #redteam\n\n\u200b\u200b1/2", "creation_timestamp": "2023-06-10T10:53:16.000000Z"}, {"uuid": "c0d3a3b3-d809-49fc-af67-b5493548b367", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2013-3900", "type": "published-proof-of-concept", "source": "Telegram/PVvGcGV94vzZiCnSpnX3C6MSU-TxAfg9O2NH6nthWCKdS74", "content": "", "creation_timestamp": "2023-06-12T21:13:08.000000Z"}, {"uuid": "dc3278e8-57e9-4dd8-b75d-f983e492b88e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2013-3900", "type": "published-proof-of-concept", "source": "Telegram/bpcEN8CSWnNrc7wnr8xcrh3wH36_tNQ_R7OcsCOfUW2S3Oo", "content": "", "creation_timestamp": "2023-07-23T09:36:18.000000Z"}, {"uuid": "7b5b0268-f1e9-4a52-b84c-e7dbce1d773d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2013-3900", "type": "exploited", "source": "Telegram/jaepX_8CUKwgSsD1kwHICwK-nWaGG1E2ZhTcJ5p0hQ5uVBUr", "content": "", "creation_timestamp": "2023-07-23T12:47:25.000000Z"}]}