10 matches found
CVE-2023-33156
The connected Nessus entry details a local elevation of privilege vulnerability in Microsoft Defender’s Malware Protection Engine, affecting installations prior to version 1.1.23050.3. The CVE is CVE-2023-33156. If exploited, this could allow privilege elevation on affected Windows hosts. The rem...
CVE-2022-24548
CVE-2022-24548 is a Microsoft Defender Denial of Service vulnerability. It affects the Malware Protection Engine in Windows Defender (remote/ local context) and is tied to versions equal to or prior to 1.1.19100.5. The underlying cause, as described in multiple sources, is a flaw in how the produ...
CVE-2021-42298
CVE-2021-42298 : Microsoft Defender Remote Code Execution vulnerability affecting the Microsoft Defender/Malware Protection Engine. Exploitation can be initiated remotely without authentication, but requires user interaction for success. Some sources note a lack of public technical details or exp...
CVE-2023-24860
CVE-2023-24860 describes a Denial-of-Service vulnerability in Microsoft Defender. The CVE affects the Microsoft Malware Protection Engine used by Windows Defender, with CVSS v3.1 metrics: Network attack vector, no user interaction, no privileges required, and an availability impact of High. The r...
CVE-2021-31985
CVE-2021-31985 – Microsoft Defender Remote Code Execution Vulnerability. The connected documents confirm this is a vulnerability in the Microsoft Defender/Malware Protection Engine with remote code execution potential. Patches were released as part of Microsoft’s June 2021 updates (MSRC guidance ...
CVE-2022-37971
CVE-2022-37971 is a Windows Defender elevation-of-privilege vulnerability in the Malware Protection Engine. It allows a local attacker with low privileges and no user interaction to potentially obtain SYSTEM-level privileges on the host. The CVSSv3.1 score is 7.1 (LP: local, IL: high, AI: high). ...
CVE-2021-34522
CVE-2021-34522 is a Microsoft Defender vulnerability in the Microsoft Malware Protection Engine used by Windows Defender. Reports describe it as a Remote Code Execution issue with a local attack vector and high impact on confidentiality, integrity, and availability. Exploitation is conditioned on...
CVE-2021-34471
CVE-2021-34471 is described across connected sources as a local privilege-escalation vulnerability in Microsoft Defender’s Malware Protection Engine (MPE)/Windows Defender. Some documents (e.g., NASL plugin) reference an affected MPE version prior to 1.1.18400.4 and cite insufficient access contr...
CVE-2021-31978
CVE-2021-31978 is a Denial of Service vulnerability in the Microsoft Defender Malware Protection Engine (Windows Defender) used by Microsoft Defender/Exchange of System Center products. The issue affects the Malware Protection Engine and can impact availability; exploitation is local and, per the...
CVE-2006-5270
The CVE-2006-5270 issue is a remote code execution vulnerability in the Microsoft Malware Protection Engine (mpengine.dll) caused by an integer overflow when parsing PDF files. Affected products include Windows Live OneCare, Microsoft Antigen (Exchange 9.x and SMTP Gateway 9.x), Windows Defender ...