CVE-2011-0037

2011-02-2518:00:01

CWE-20

[email protected]

web.nvd.nist.gov

microsoft

malware protection

cve-2011-0037

nvd

security essentials

windows defender

forefront endpoint protection

6.6 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

19.2%

JSON

Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key.

Affected configurations

NVD

Node

microsoftforefront_client_security

microsoftforefront_endpoint_protection_2010Match-

microsoftmalicious_software_removal_tool

microsoftmalware_protection_engineRange≤1.1.6502.0

microsoftmalware_protection_engineMatch0.1.13.192

microsoftmalware_protection_engineMatch1.1.3520.0

microsoftsecurity_essentials

microsoftwindows_defender

microsoftwindows_live_onecare

CPENameOperatorVersion
microsoft:forefront_client_securitymicrosoft forefront client securityeq*
microsoft:forefront_endpoint_protection_2010microsoft forefront endpoint protection 2010eq-
microsoft:malicious_software_removal_toolmicrosoft malicious software removal tooleq*
microsoft:malware_protection_enginemicrosoft malware protection enginele1.1.6502.0
microsoft:malware_protection_enginemicrosoft malware protection engineeq0.1.13.192
microsoft:malware_protection_enginemicrosoft malware protection engineeq1.1.3520.0
microsoft:security_essentialsmicrosoft security essentialseq*
microsoft:windows_defendermicrosoft windows defendereq*
microsoft:windows_live_onecaremicrosoft windows live onecareeq*

CPE	Name	Operator	Version
microsoft:forefront_client_security	microsoft forefront client security	eq	*
microsoft:forefront_endpoint_protection_2010	microsoft forefront endpoint protection 2010	eq	-
microsoft:malicious_software_removal_tool	microsoft malicious software removal tool	eq	*
microsoft:malware_protection_engine	microsoft malware protection engine	le	1.1.6502.0
microsoft:malware_protection_engine	microsoft malware protection engine	eq	0.1.13.192
microsoft:malware_protection_engine	microsoft malware protection engine	eq	1.1.3520.0
microsoft:security_essentials	microsoft security essentials	eq	*
microsoft:windows_defender	microsoft windows defender	eq	*
microsoft:windows_live_onecare	microsoft windows live onecare	eq	*