Vulnerability CVE-2011-0037


Published: 2011-02-25   Modified: 2012-02-13

Description:
Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key.

Type: CWE-20 (Improper Input Validation)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 7.2/10
Impact Subscore: 10/10
Exploitability Subscore: 3.9/10

Exploit range: Local
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software:
Microsoft -> Forefront client security 
Microsoft -> Forefront endpoint protection 2010 
Microsoft -> Malicious software removal tool 
Microsoft -> Malware protection engine 
Microsoft -> Security essentials 
Microsoft -> Windows defender 
Microsoft -> Windows live onecare 

 References:
http://xforce.iss.net/xforce/xfdb/65626
http://www.vupen.com/english/advisories/2011/0486
http://www.securityfocus.com/bid/46540
http://www.microsoft.com/technet/security/advisory/2491888.mspx
http://securitytracker.com/id?1025117
http://secunia.com/advisories/43468

Copyright 2024, cxsecurity.com

 
