28 matches found
CVE-2021-1647
CVE-2021-1647 is a Microsoft Defender Remote Code Execution vulnerability. Multiple sources indicate it was exploited in the wild before patches were available, affecting Microsoft Defender/Windows Defender. The advisory notes a remote code execution risk; exploitation could allow an attacker to ...
CVE-2017-8540
CVE-2017-8540 affects Microsoft Malware Protection Engine (MMPE) across Forefront/Defender deployments. The weakness arises from a use-after-free in the garbage collection system managing JavaScript objects during scanning of specially crafted files, enabling memory corruption and potential remot...
CVE-2023-38175
Technical details about CVE-2023-38175 are not public in the provided documents; no specifics on affected products/versions/root cause/fixes are included here. Monitor for updates.
CVE-2017-8541
CVE-2017-8541 concerns the Microsoft Malware Protection Engine (MMPE) remote code execution vulnerability. Multiple sources confirm MMPE fails to properly scan a specially crafted file, causing memory corruption and potentially arbitrary code execution. Exploitation indicators include exploits li...
CVE-2020-1170
CVE-2020-1170 – Cloud Filter arbitrary file creation EOP (Windows) Affected component: Cloud Filter driver, cldflt.sys, on Windows 10 v1803 and later (pre-December 2020 updates). Root cause (as documented by the connected MSF module): the driver did not set IO_FORCE_ACCESS_CHECK or OBJ_FORCE_ACCE...
CVE-2020-1002
CVE-2020-1002 is an elevation of privilege vulnerability in Microsoft Defender linked to MpSigStub.exe, enabling an attacker who is logged on to delete files in arbitrary locations. The issue requires local access and user interaction-free exploitation via a specially crafted command, with exploi...
CVE-2019-1255
Microsoft Malware Protection Engine Elevation of Privilege (CVE-2019-1255) exists due to improper file handling. An authenticated, remote attacker can exploit this to gain elevated privileges. Affected component: Defender/Malware Protection Engine. Impact: elevation of privilege; exploitation des...
CVE-2017-8538
CVE-2017-8538 concerns the Microsoft Malware Protection Engine (MMPE) used by Forefront and Defender on Windows platforms (Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold/R2, Windows RT 8.1, Windows 10 versions 1511–1703, Windows Server 2016, plus Microsoft Ex...
CVE-2020-1163
CVE-2020-1163 is an Elevation of Privilege issue in Windows Defender that can lead to arbitrary file deletion. The exploit requires an authenticated logon to the system. Connected sources confirm the vulnerability affects Windows Defender with the same core description, but do not provide explici...
CVE-2018-0986
CVE-2018-0986 (Microsoft Malware Protection Engine RCE) arises when the engine fails to properly scan a specially crafted file, causing memory corruption. This enables an attacker to execute arbitrary code with Local System privileges on affected systems, potentially taking control. Affected prod...
CVE-2017-0290
CVE-2017-0290 affects the Microsoft Malware Protection Engine (mpengine) used by Forefront/Defender on Windows clients/servers. The flaw is a memory corruption vulnerability triggered when scanning a specially crafted file, enabling remote code execution. Affected products span Windows 7/8.1/10 a...
CVE-2023-36422
CVE-2023-36422 is a Windows Defender elevation-of-privilege vulnerability. Multiple sources associate it with privilege escalation via insufficient access control in Windows Defender, enabling a local attacker with low privileges and no user interaction to gain total compromise. Public details po...
CVE-2019-1161
Summary: CVE-2019-1161 is a privilege-escalation flaw in Microsoft Defender’s MpSigStub.exe that can enable an attacker to delete protected files at arbitrary locations. What is affected: Defender-related components using MpSigStub.exe (e.g., Windows Defender/Forefront Endpoint Protection suites)...
CVE-2021-24092
CVE-2021-24092 is a Microsoft Defender elevation-of-privilege vulnerability affecting Windows Defender. The connected sources confirm a local, low-privilege attacker could achieve higher privileges (CVE-2021-24092), with a CVSSv3 base score of 7.8 (HIGH) and a local attack vector. Public records ...
CVE-2020-0835
CVE-2020-0835 affects Microsoft Windows Defender Antimalware Platform. The root cause is improper handling of hard links in the Defender engine, enabling local elevation of privilege when a user runs a crafted program on affected systems. Public sources note the vulnerability exists in Defender a...
CVE-2020-1461
CVE-2020-1461 is a Microsoft Defender elevation of privilege vulnerability in MpSigStub.exe that can allow deletion of files in arbitrary locations. Exploitation requires the attacker to log on to the system, then, with MpSigStub.exe running, execute crafted actions to delete protected files. Mic...
CVE-2017-8537
CVE-2017-8537 describes a denial-of-service vulnerability in the Microsoft Malware Protection Engine (MMPE) used with Microsoft Forefront and Microsoft Defender across a range of Windows client/server platforms. The issue arises from MMPE failing to properly scan specially crafted files, which ca...
CVE-2017-8558
CVE-2017-8558 affects the Microsoft Malware Protection Engine used by Forefront/Defender on Windows platforms (32‑bit). The vulnerability arises when scanning specially crafted files, leading to memory corruption and remote code execution. Public evidence in multiple feeds confirms this as a remo...
CVE-2017-8542
CVE-2017-8542 refers to a denial-of-service vulnerability in the Microsoft Malware Protection Engine (MMPE) used by Microsoft Defender/Forefront on Windows and Exchange Server variants. The issue arises when MMPE scans a specially crafted file, potentially causing the monitoring service to stop o...
CVE-2017-8539
CVE-2017-8539 concerns the Microsoft Malware Protection Engine (MMPE) running on Windows systems (various client and server SKUs) where the engine, when scanning specially crafted files, can fail to properly scan and cause a denial of service. The CVE is part of a set of related vulnerabilities (...
CVE-2017-8535
CVE-2017-8535 affects Microsoft Malware Protection Engine used by Forefront/Defender on Windows platforms. The vulnerability stems from improper scanning of specially crafted files, causing a denial of service. Connected sources also describe similar issues (CVE-2017-8536/7/9/42) in MMPE. Mitigat...
CVE-2017-8536
CVE-2017-8536 is a denial-of-service vulnerability in Microsoft Malware Protection Engine (MMPE) that affects MMPE running on multiple Windows versions and related Microsoft products (Forefront/ Defender). The issue stems from the engine failing to properly scan specially crafted files, which cou...
CVE-2008-1437
CVE-2008-1437 affects the Microsoft Malware Protection Engine (mpengine.dll) versions 1.1.3520.0 and 0.1.13.192 used in multiple Microsoft products. The vulnerability stems from the engine’s parsing of specially crafted files, involving improper validation during processing, which can cause the e...
CVE-2013-3154
CVE-2013-3154 affects Windows Defender on Windows 7 and Windows Server 2008 R2. The issue is caused by an incorrect pathname used by the signature-update functionality, enabling local users to gain privileges via a Trojan horse in the %SYSTEMDRIVE% top-level directory. A successful exploit allows...
CVE-2006-5270
The CVE-2006-5270 issue is a remote code execution vulnerability in the Microsoft Malware Protection Engine (mpengine.dll) caused by an integer overflow when parsing PDF files. Affected products include Windows Live OneCare, Microsoft Antigen (Exchange 9.x and SMTP Gateway 9.x), Windows Defender ...
CVE-2013-0078
CVE-2013-0078 affects the Microsoft Antimalware Client on Windows 8 and Windows RT, where MsMpEng.exe is referenced with an incorrect pathname. This improper pathname handling can allow a local user to gain privileges via a crafted application, constituting a local privilege-escalation vulnerabil...
CVE-2008-1438
CVE-2008-1438 concerns the Microsoft Malware Protection Engine (mpengine.dll) (versions 1.1.3520.0 and 0.1.13.192) used in multiple Microsoft products. A denial-of-service exists when parsing certain files with “crafted data structures,” causing disk-space exhaustion and automatic engine restart....
CVE-2011-0037
CVE-2011-0037 affects Microsoft Malware Protection Engine (MMPE) prior to 1.1.6603.0, used in MSRT, Windows Defender, Security Essentials, Forefront products, and related tools. The vulnerability allows local privilege escalation through a crafted value of an unspecified user registry key. The do...