Microsoft Security Essentials < v4.2 Local Privilege Escalation Vulnerability

Binary data 6818.prm...

Microsoft Malware Protection Engine CVE-2013-1346 Remote Code Execution Vulnerability

Description Microsoft Malware Protection Engine is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code with LocalSystem account privileges. Failed exploit attempts will result in a denial-of-service condition. Microsoft Malware Protection...

Microsoft Security Essentials本地权限提升漏洞

BUGTRAQ ID: 59645 Microsoft Security Essential（微软安全软件），是微软安全中心推出的一款用于您的计算机的全新、免费的反恶意软件。 Microsoft Security Essentials 存在本地权限提升漏洞，攻击者可利用此漏洞在LocalSystem账户的上下文中执行任意代码。此漏洞源于解析特制文件时，对路径名的验证不足。 0 Microsoft Security Essentials 厂商补丁： Microsoft --------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

Vulnerability in Microsoft Security Essentials &lt;v4.2

Hi @ll, versions of Microsoft Security Essentials before the current v4.2 see https://support.microsoft.com/kb/2805304 have a vulnerability that could lead to execution of arbitrary code in the security context of the LocalSystem account almost like https://support.microsoft.com/kb/2781197 alias...

Microsoft Security Essentials Code Execution

Hi @ll, versions of Microsoft Security Essentials before the current v4.2 see have a vulnerability that could lead to execution of arbitrary code in the security context of the LocalSystem account almost like alias . The "UninstallString" written to...

Why I decided to uninstall Microsoft Security Essentials Antivirus?

Today I decided to remove Microsoft Security Essentials Antivirus from my system because Security Essentials failed another certification test by independent testing lab, AV-Test Institute. Microsoft's Security Essentials antivirus for Windows XP, Vista, and Windows 7 is a free add-on to Windows...

Why I decided to uninstall Microsoft Security Essentials Antivirus?

Today I decided to remove Microsoft Security Essentials Antivirus from my system because Security Essentials failed another certification test by independent testing lab, AV-Test Institute. Microsoft's Security Essentials antivirus for Windows XP, Vista, and Windows 7 is a free add-on to Windows...

CVE-2012-1443

The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal aka Cat QuickHeal 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0....

CVE-2012-1420

The CVE-2012-1420 entry concerns multiple antivirus products (Quick Heal/Cat QuickHeal 11.00; Command Antivirus 5.2.11.5; F-Prot 4.6.2.117; Fortinet 4.2.254.0; K7 9.77.3565; Kaspersky 7.0.0.125; Antimalware Engine 1.1.6402.0; Microsoft Security Essentials 2.0; NOD32 5795; Norman 6.06.12; Panda 10...

CVE-2011-4818

Open redirect vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the uisessionid parameter to an unspecified component...

CVE-2011-1397

Cross-site request forgery CSRF vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM...

Code injection

The About option on the Help menu in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management...

Cross site scripting

Cross-site scripting XSS vulnerability in imicon.jsp in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the controlid parameter...

Session fixation

IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database CCMDB 6.2, 7.1, and 7.2 all...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allow remote attackers to inject arbitrary web script or HTML via the uisesionid parameter to 1 maximo.jsp or 2 the default URI under ui/...

Cross site scripting

Cross-site scripting XSS vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service...

CVE-2011-1396

The CVE-2011-1396 entry describes an XSS vulnerability in IBM Maximo Asset Management and Asset Management Essentials (versions 6.2, 7.1, 7.5) that allows remote attackers to inject arbitrary web script or HTML via the reportType parameter to an unspecified component. Affected products include Ma...

CVE-2011-4818

CVE-2011-4818 affects IBM Maximo Asset Management and Asset Management Essentials (versions 6.2, 7.1, 7.5). It is an open redirect via the uisessionid parameter to an unspecified component, enabling remote authenticated users to redirect to arbitrary sites (phishing risk). IBM’s vulnerability not...

CVE-2011-1397

CVE-2011-1397 is a CSRF vulnerability in IBM Maximo and related products (Asset Management, Essentials, Tivoli AM for IT, Service Request Manager, Maximo Service Desk, CCMDB) affecting 6.2, 7.1, 7.2 and 7.5. Attack could hijack user authentication via the Labor Reporting page. IBM remediation via...

CVE-2011-4817

The About option on the Help menu in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management...