How does CVE-2020-0601 (ChainOfFools/CurveBall) work to undermine ECC?

Question

What is the recently patched and disclosed Windows 10 OS family Crypt.dll vulnerability CVE-2020-0601, nicknamed ChainOfFools and/or Curveball? I've read up on it and while I understand the basics (deriving an alternative private key from a public key through manipulating cryptographic algorithms so you can spoof a certificate), I don't really understand the technical aspect and how it's used to subvert ECC validation.

what's the logic behind the exploit, how does it work technically to undermine Elliptic Curve cryptography and what can be done with it?

Answer 1

To answer the second part of your question (What can be done with it?): The curveball vulnerability essentially undermines the trust of a certificate (which is crucial in PKI). This allows an attacker to sign content with a spoofed certificate. The content will appear as trustworthy to a user, even though it is not.

Basically everything that uses the Crypt32.dll for verification is affected. Arguably this is most problematic in HTTPS connections (an attacker could perform a Man-in-the-Middle attack that goes unnoticed by the user) and code-signing (an attacker could bring a user to execute code that the user believes to be from a different source).