2651 matches found
CVE-2011-0037
CVE-2011-0037 affects Microsoft Malware Protection Engine (MMPE) prior to 1.1.6603.0, used in MSRT, Windows Defender, Security Essentials, Forefront products, and related tools. The vulnerability allows local privilege escalation through a crafted value of an unspecified user registry key. The do...
Microsoft Issues Fix for Bug in Malware Protection Engine
Microsoft has issued an update to its core malware protection engine that fixes a bug that could allow an attacker to gain LocalSystem privileges on a vulnerable machine if a specific set of odd conditions exist. The vulnerability in the Microsoft Malware Protection Engine is a privilege-escalati...
Win Update Scareware Pushes Drive-By Downloads
Cybercriminals are using a fake Windows Update installation dialogue box to sell a bogus security product called Anti-malware Defender, security researchers have warned. Read the full article. Computer Weekly...
Microsoft Windows Defender Active-X Heap Overflow Version 2
Author : SarBoT511 Exploits title :Microsoft Windows Defender ActiveX Heap Overflow PoC downloads :www.microsoft.com Date : 2010/01/19 tested on :windows 7 Microsoft Windows Defender targetFile = "C:\Program Files\Windows Defender\MsMpCom.dll" prototype = "Sub WriteValue ByVal bstrKeyName As...
Microsoft Windows Defender Active-X Heap Overflow Version 1
Author : SarBoT511 Exploits title :Microsoft Windows Defender ActiveX Heap Overflow PoC downloads :www.microsoft.com Date : 2010/01/19 tested on :windows 7 Microsoft Windows Defender targetFile = "C:\Program Files\Windows Defender\MsMpCom.dll" prototype = "Sub DeleteValue ByVal bstrKeyName As...
Microsoft Windows Defender ActiveX Heap Overflow PoC
Exploit for unknown platform in category dos / poc ==================================================== Microsoft Windows Defender ActiveX Heap Overflow PoC ==================================================== Exploits title :Microsoft Windows Defender ActiveX Heap Overflow PoC tested on :windows...
Microsoft Windows Defender - ActiveX Heap Overflow (PoC)
Microsoft Windows Defender - ActiveX Heap Overflow PoC Exploits title :Microsoft Windows Defender ActiveX Heap Overflow PoC tested on :windows 7 Microsoft Windows Defender targetFile = "C:\Program Files\Windows Defender\MsMpCom.dll" prototype = "Sub DeleteValue ByVal bstrKeyName As String , ByVal...
Microsoft Windows Defender - ActiveX Heap Overflow (PoC)
Exploits title :Microsoft Windows Defender ActiveX Heap Overflow PoC tested on :windows 7 Microsoft Windows Defender targetFile = "C:\Program Files\Windows Defender\MsMpCom.dll" prototype = "Sub DeleteValue ByVal bstrKeyName As String , ByVal bstrValueName As String " memberName = "DeleteValue"...
The Evolution of Rogue Anti-Virus
We often write about the fact that cybercriminals constantly change their tactics to take account of developments in the security and software industries. And I just came across a great example of this: it shows how the people behind rogue antivirus solutions adapt their “products” to exploit...
Update Protection against Recent Malware Threats (5-Jul-09)
The update includes new protections against 11 recent malware threats: Trickler: Trojan.Swizzor-D - Trojan.Swizzor-D is a downloader Trojan that downloads malicious files from remote hosts onto the infected machines. It also communicates with remote servers and transfers unwanted advertisement...
Microsoft Malware Protection Engine TWO DoS Vulnerabilities
CVE-2008-1437 CVE-2008-1438 There are two vulnerabilities identified in Microsoft Antivirus product. These vulnerabilities can be exploited to cause denial of service. 1. CVE-2008-1437 PE Parsing Memory Corruption While scanning a specially crafted PE file, Malware protection engine...
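Microsoft Malware Protection Engine Multiple Denial-of-Service Vulnerabilities (MS08-029)
BUGTRAQ ID: 29060,29073 CVECAN ID: CVE-2008-1437,CVE-2008-1438 The Microsoft Malware Protection Engine provides scanning, detection, and cleaning capabilities for antivirus and antispyware clients. Denial-of-service vulnerabilities exist in the way the Microsoft Malware Protection Engine handles specially crafted files. An attacker can exploit them by creating a specially crafted file; when the target computer system receives the file or the Microsoft Malware Protection Engine scans it, the engine may stop responding and restart automatically, or exhaust all disk space 0 Microsoft Windows Live OneCare Microsoft Antigen fo...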
Microsoft Security Bulletin MS08-029 – Moderate Vulnerabilities in Microsoft Malware Protection Engine Could Allow Denial of Service (952044)
Microsoft Security Bulletin MS08-029 – Moderate Vulnerabilities in Microsoft Malware Protection Engine Could Allow Denial of Service 952044 Published: May 13, 2008 Version: 1.0 General Information Executive Summary This security update resolves two privately reported vulnerabilities in the...
MS08-029: Vulnerabilities in Microsoft Malware Protection Engine Could Allow Denial of Service (952044)
The remote host is running a version of Windows Malware Protection engine that is vulnerable to a bug in the file handling routine which could allow an attacker to crash the protection engine. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid32313; scriptversion"1.24";...
CVE-2003-1527
BlackICE Defender 2.9.cap and Server Protection 3.5.cdf, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets...
CVE-2003-1527
Affected software : BlackICE Defender 2.9.cap and Server Protection 3.5.cdf. Vulnerability : When configured to automatically block attacks, remote attackers can cause a denial of service by spoofed packets, blocking IP addresses. Root cause/impact : The described behavior enables DoS through spo...
Microsoft Security Bulletin MS07-010 Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution (932135)
Microsoft Security Bulletin MS07-010 Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution 932135 Published: February 13, 2007 Version: 1.0 Summary Who Should Read this Document: Customers who use Microsoft Malware Protection Engine Impact of Vulnerability: Remote...
MS07-010: Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution (932135)
The remote host is running a version of Windows Malware Protection engine that is vulnerable to a bug in the PDF file handling routine that could allow an attacker to execute arbitrary code on the remote host by sending a specially crafted file. Tenable Network Security, Inc. include"compat.inc"; if...
CVE-2006-5406
Passgo Defender 5.2 creates the application directory with insecure permissions Everyone/Full Control, which allows local users to read and modify sensitive files. NOTE: the provenance of this information is unknown; the details are obtained from third party information...