8 matches found
CVE-2023-38175
Technical details about CVE-2023-38175 are not public in the provided documents; no specifics on affected products/versions/root cause/fixes are included here. Monitor for updates.
CVE-2023-36422
CVE-2023-36422 is a Windows Defender elevation-of-privilege vulnerability. Multiple sources associate it with privilege escalation via insufficient access control in Windows Defender, enabling a local attacker with low privileges and no user interaction to gain total compromise. Public details po...
CVE-2008-1437
CVE-2008-1437 affects the Microsoft Malware Protection Engine (mpengine.dll) versions 1.1.3520.0 and 0.1.13.192 used in multiple Microsoft products. The vulnerability stems from the engine’s parsing of specially crafted files, involving improper validation during processing, which can cause the e...
CVE-2013-3154
CVE-2013-3154 affects Windows Defender on Windows 7 and Windows Server 2008 R2. The issue is caused by an incorrect pathname used by the signature-update functionality, enabling local users to gain privileges via a Trojan horse in the %SYSTEMDRIVE% top-level directory. A successful exploit allows...
CVE-2006-5270
The CVE-2006-5270 issue is a remote code execution vulnerability in the Microsoft Malware Protection Engine (mpengine.dll) caused by an integer overflow when parsing PDF files. Affected products include Windows Live OneCare, Microsoft Antigen (Exchange 9.x and SMTP Gateway 9.x), Windows Defender ...
CVE-2008-1438
CVE-2008-1438 concerns the Microsoft Malware Protection Engine (mpengine.dll) (versions 1.1.3520.0 and 0.1.13.192) used in multiple Microsoft products. A denial-of-service exists when parsing certain files with “crafted data structures,” causing disk-space exhaustion and automatic engine restart....
CVE-2013-0078
CVE-2013-0078 affects the Microsoft Antimalware Client on Windows 8 and Windows RT, where MsMpEng.exe is referenced with an incorrect pathname. This improper pathname handling can allow a local user to gain privileges via a crafted application, constituting a local privilege-escalation vulnerabil...
CVE-2011-0037
CVE-2011-0037 affects Microsoft Malware Protection Engine (MMPE) prior to 1.1.6603.0, used in MSRT, Windows Defender, Security Essentials, Forefront products, and related tools. The vulnerability allows local privilege escalation through a crafted value of an unspecified user registry key. The do...