All the vulnerabilites related to microsoft - security_essentials
cve-2020-1002
Vulnerability from cvelistv5
Published
2020-04-15 15:13
Modified
2024-08-04 06:24
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1002 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:24:59.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Forefront Endpoint Protection",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2010"
}
]
},
{
"product": "Microsoft System Center",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Endpoint Protection"
},
{
"status": "affected",
"version": "2012 R2 Endpoint Protection"
},
{
"status": "affected",
"version": "2012 Endpoint Protection"
}
]
},
{
"product": "Microsoft Security Essentials",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1909 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1909 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1909 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server, version 1909 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1803 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1803 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server, version 1803 (Server Core Installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1803 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1809 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1809 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1809 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1709 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1709 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1709 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1903 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1903 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1607 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1607 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 7 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 1"
}
]
},
{
"product": "Windows Defender on Windows 7 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 1"
}
]
},
{
"product": "Windows Defender on Windows 8.1 for 32-bit systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 8.1 for x64-based systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows RT 8.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2008 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 2"
}
]
},
{
"product": "Windows Defender on Windows Server 2008 for 32-bit Systems (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 2"
}
]
},
{
"product": "Windows Defender on Windows Server 2008 for Itanium-Based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 2"
}
]
},
{
"product": "Windows Defender on Windows Server 2008 R2 for Itanium-Based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 1"
}
]
},
{
"product": "Windows Defender on Windows Server 2008 R2 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 1"
}
]
},
{
"product": "Windows Defender on Windows Server 2008 R2 for x64-based Systems (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 1"
}
]
},
{
"product": "Windows Defender on Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka \u0027Microsoft Defender Elevation of Privilege Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T15:13:20",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1002"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-1002",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Forefront Endpoint Protection",
"version": {
"version_data": [
{
"version_value": "2010"
}
]
}
},
{
"product_name": "Microsoft System Center",
"version": {
"version_data": [
{
"version_value": "Endpoint Protection"
},
{
"version_value": "2012 R2 Endpoint Protection"
},
{
"version_value": "2012 Endpoint Protection"
}
]
}
},
{
"product_name": "Microsoft Security Essentials",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1909 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1909 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1909 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server, version 1909 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1803 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1803 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server, version 1803 (Server Core Installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1803 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1809 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1809 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1809 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2019",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2019 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1709 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1709 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1709 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1903 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1903 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1903 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server, version 1903 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1607 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1607 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2016",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2016 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 7 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": "Service Pack 1"
}
]
}
},
{
"product_name": "Windows Defender on Windows 7 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": "Service Pack 1"
}
]
}
},
{
"product_name": "Windows Defender on Windows 8.1 for 32-bit systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 8.1 for x64-based systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows RT 8.1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2008 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": "Service Pack 2"
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2008 for 32-bit Systems (Server Core installation)",
"version": {
"version_data": [
{
"version_value": "Service Pack 2"
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2008 for Itanium-Based Systems",
"version": {
"version_data": [
{
"version_value": "Service Pack 2"
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2008 R2 for Itanium-Based Systems",
"version": {
"version_data": [
{
"version_value": "Service Pack 1"
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2008 R2 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": "Service Pack 1"
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2008 R2 for x64-based Systems (Server Core installation)",
"version": {
"version_data": [
{
"version_value": "Service Pack 1"
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2012",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2012 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2012 R2",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2012 R2 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka \u0027Microsoft Defender Elevation of Privilege Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1002",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1002"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-1002",
"datePublished": "2020-04-15T15:13:20",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:24:59.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-24092
Vulnerability from cvelistv5
Published
2021-02-25 23:01
Modified
2024-08-03 19:21
Severity ?
EPSS score ?
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24092 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Endpoint Protection |
Version: N/A |
||||||||||||||||||||
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:17.762Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24092"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [],
"platforms": [
"Unknown"
],
"product": "Microsoft Endpoint Protection",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"cpes": [],
"platforms": [
"Unknown"
],
"product": "Microsoft System Center Endpoint Protection",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"cpes": [],
"platforms": [
"Unknown"
],
"product": "Microsoft System Center 2012 R2 Endpoint Protection",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"cpes": [],
"platforms": [
"Unknown"
],
"product": "Microsoft Security Essentials",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"cpes": [],
"platforms": [
"Unknown"
],
"product": "Microsoft System Center 2012 Endpoint Protection",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"cpes": [],
"platforms": [
"Windows 10 Version 1803 for 32-bit Systems",
"Windows 10 Version 1803 for x64-based Systems",
"Windows 10 Version 1803 for ARM64-based Systems",
"Windows 10 Version 1809 for 32-bit Systems",
"Windows 10 Version 1809 for x64-based Systems",
"Windows 10 Version 1809 for ARM64-based Systems",
"Windows Server 2019",
"Windows Server 2019 (Server Core installation)",
"Windows 10 Version 1909 for 32-bit Systems",
"Windows 10 Version 1909 for x64-based Systems",
"Windows 10 Version 1909 for ARM64-based Systems",
"Windows Server, version 1909 (Server Core installation)",
"Windows 10 Version 1903 for 32-bit Systems",
"Windows 10 Version 1903 for x64-based Systems",
"Windows 10 Version 1903 for ARM64-based Systems",
"Windows Server, version 1903 (Server Core installation)",
"Windows 10 Version 2004 for 32-bit Systems",
"Windows 10 Version 2004 for ARM64-based Systems",
"Windows 10 Version 2004 for x64-based Systems",
"Windows Server, version 2004 (Server Core installation)",
"Windows 10 Version 20H2 for 32-bit Systems",
"Windows 10 Version 20H2 for ARM64-based Systems",
"Windows Server, version 20H2 (Server Core Installation)",
"Windows 10 for 32-bit Systems",
"Windows 10 for x64-based Systems",
"Windows 10 Version 1607 for 32-bit Systems",
"Windows 10 Version 1607 for x64-based Systems",
"Windows Server 2016",
"Windows Server 2016 (Server Core installation)",
"Windows 7 for 32-bit Systems Service Pack 1",
"Windows 7 for x64-based Systems Service Pack 1",
"Windows 8.1 for 32-bit systems",
"Windows 8.1 for x64-based systems",
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2012",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012 R2",
"Windows Server 2012 R2 (Server Core installation)"
],
"product": "Windows Defender",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"datePublic": "2021-02-09T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Defender Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T22:33:40.503Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24092"
}
],
"title": "Microsoft Defender Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-24092",
"datePublished": "2021-02-25T23:01:48",
"dateReserved": "2021-01-13T00:00:00",
"dateUpdated": "2024-08-03T19:21:17.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-1647
Vulnerability from cvelistv5
Published
2021-01-12 19:42
Modified
2024-10-08 16:17
Severity ?
EPSS score ?
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1647 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft System Center Endpoint Protection |
Version: N/A cpe:2.3:a:microsoft:system_center_endpoint_protection:-:*:*:*:*:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:18:11.008Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1647"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:system_center_endpoint_protection:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft System Center Endpoint Protection",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:system_center_endpoint_protection:2012:r2:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft System Center 2012 R2 Endpoint Protection",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:security_essentials:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Security Essentials",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:system_center_endpoint_protection:2012:-:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft System Center 2012 Endpoint Protection",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:windows_defender:-:*:*:*:*:*:*:*"
],
"platforms": [
"Windows 10 Version 1803 for 32-bit Systems",
"Windows 10 Version 1803 for x64-based Systems",
"Windows 10 Version 1803 for ARM64-based Systems",
"Windows 10 Version 1809 for 32-bit Systems",
"Windows 10 Version 1809 for x64-based Systems",
"Windows 10 Version 1809 for ARM64-based Systems",
"Windows Server 2019",
"Windows Server 2019 (Server Core installation)",
"Windows 10 Version 1909 for 32-bit Systems",
"Windows 10 Version 1909 for x64-based Systems",
"Windows 10 Version 1909 for ARM64-based Systems",
"Windows Server, version 1909 (Server Core installation)",
"Windows 10 Version 2004 for 32-bit Systems",
"Windows 10 Version 2004 for ARM64-based Systems",
"Windows 10 Version 2004 for x64-based Systems",
"Windows Server, version 2004 (Server Core installation)",
"Windows 10 Version 20H2 for 32-bit Systems",
"Windows 10 Version 20H2 for ARM64-based Systems",
"Windows Server, version 20H2 (Server Core Installation)",
"Windows 10 for 32-bit Systems",
"Windows 10 for x64-based Systems",
"Windows 10 Version 1607 for 32-bit Systems",
"Windows 10 Version 1607 for x64-based Systems",
"Windows Server 2016",
"Windows Server 2016 (Server Core installation)",
"Windows 7 for 32-bit Systems Service Pack 1",
"Windows 7 for x64-based Systems Service Pack 1",
"Windows 8.1 for 32-bit systems",
"Windows 8.1 for x64-based systems",
"Windows RT 8.1",
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2012",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012 R2",
"Windows Server 2012 R2 (Server Core installation)"
],
"product": "Windows Defender",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"datePublic": "2021-01-12T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Defender Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T16:17:02.566Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Defender Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1647"
}
],
"title": "Microsoft Defender Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-1647",
"datePublished": "2021-01-12T19:42:01",
"dateReserved": "2020-12-02T00:00:00",
"dateUpdated": "2024-10-08T16:17:02.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8558
Vulnerability from cvelistv5
Published
2017-06-29 13:00
Modified
2024-08-05 16:41
Severity ?
EPSS score ?
Summary
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on 32-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703 does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability".
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/99262 | vdb-entry, x_refsource_BID | |
| https://www.exploit-db.com/exploits/42264/ | exploit, x_refsource_EXPLOIT-DB | |
| http://www.securitytracker.com/id/1038783 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8558 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1038784 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Microsoft Malware Protection Engine |
Version: 32-bit versions only of Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016. |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:41:24.089Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99262",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99262"
},
{
"name": "42264",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/42264/"
},
{
"name": "1038783",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038783"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8558"
},
{
"name": "1038784",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038784"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Malware Protection Engine",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "32-bit versions only of Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016."
}
]
}
],
"datePublic": "2017-06-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on 32-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703 does not properly scan a specially crafted file leading to memory corruption. aka \"Microsoft Malware Protection Engine Remote Code Execution Vulnerability\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-11T15:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "99262",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99262"
},
{
"name": "42264",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/42264/"
},
{
"name": "1038783",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038783"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8558"
},
{
"name": "1038784",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038784"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-8558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Malware Protection Engine",
"version": {
"version_data": [
{
"version_value": "32-bit versions only of Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on 32-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703 does not properly scan a specially crafted file leading to memory corruption. aka \"Microsoft Malware Protection Engine Remote Code Execution Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99262",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99262"
},
{
"name": "42264",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42264/"
},
{
"name": "1038783",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038783"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8558",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8558"
},
{
"name": "1038784",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038784"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-8558",
"datePublished": "2017-06-29T13:00:00",
"dateReserved": "2017-05-03T00:00:00",
"dateUpdated": "2024-08-05T16:41:24.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1457
Vulnerability from cvelistv5
Published
2012-03-21 10:00
Modified
2024-08-06 19:01
Severity ?
EPSS score ?
Summary
The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html | vendor-advisory, x_refsource_SUSE | |
| http://osvdb.org/80406 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/80393 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/archive/1/522005 | mailing-list, x_refsource_BUGTRAQ | |
| http://osvdb.org/80403 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/80389 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/80391 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/80409 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/80396 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/80392 | vdb-entry, x_refsource_OSVDB | |
| http://www.ieee-security.org/TC/SP2012/program.html | x_refsource_MISC | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2012:094 | vendor-advisory, x_refsource_MANDRIVA | |
| http://www.securityfocus.com/bid/52610 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/80407 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/80395 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/74293 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:00.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2012:0833",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html"
},
{
"name": "80406",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80406"
},
{
"name": "80393",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80393"
},
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "80403",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80403"
},
{
"name": "80389",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80389"
},
{
"name": "80391",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80391"
},
{
"name": "80409",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80409"
},
{
"name": "80396",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80396"
},
{
"name": "80392",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80392"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "MDVSA-2012:094",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:094"
},
{
"name": "52610",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52610"
},
{
"name": "80407",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80407"
},
{
"name": "80395",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80395"
},
{
"name": "multiple-av-tar-length-evasion(74293)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74293"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-17T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2012:0833",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html"
},
{
"name": "80406",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80406"
},
{
"name": "80393",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80393"
},
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "80403",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80403"
},
{
"name": "80389",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80389"
},
{
"name": "80391",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80391"
},
{
"name": "80409",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80409"
},
{
"name": "80396",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80396"
},
{
"name": "80392",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80392"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "MDVSA-2012:094",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:094"
},
{
"name": "52610",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52610"
},
{
"name": "80407",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80407"
},
{
"name": "80395",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80395"
},
{
"name": "multiple-av-tar-length-evasion(74293)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74293"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2012:0833",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html"
},
{
"name": "80406",
"refsource": "OSVDB",
"url": "http://osvdb.org/80406"
},
{
"name": "80393",
"refsource": "OSVDB",
"url": "http://osvdb.org/80393"
},
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "80403",
"refsource": "OSVDB",
"url": "http://osvdb.org/80403"
},
{
"name": "80389",
"refsource": "OSVDB",
"url": "http://osvdb.org/80389"
},
{
"name": "80391",
"refsource": "OSVDB",
"url": "http://osvdb.org/80391"
},
{
"name": "80409",
"refsource": "OSVDB",
"url": "http://osvdb.org/80409"
},
{
"name": "80396",
"refsource": "OSVDB",
"url": "http://osvdb.org/80396"
},
{
"name": "80392",
"refsource": "OSVDB",
"url": "http://osvdb.org/80392"
},
{
"name": "http://www.ieee-security.org/TC/SP2012/program.html",
"refsource": "MISC",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "MDVSA-2012:094",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:094"
},
{
"name": "52610",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52610"
},
{
"name": "80407",
"refsource": "OSVDB",
"url": "http://osvdb.org/80407"
},
{
"name": "80395",
"refsource": "OSVDB",
"url": "http://osvdb.org/80395"
},
{
"name": "multiple-av-tar-length-evasion(74293)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74293"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1457",
"datePublished": "2012-03-21T10:00:00",
"dateReserved": "2012-02-29T00:00:00",
"dateUpdated": "2024-08-06T19:01:00.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1443
Vulnerability from cvelistv5
Published
2012-03-21 10:00
Modified
2024-08-06 19:01
Severity ?
EPSS score ?
Summary
The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/80472 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/archive/1/522005 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/52612 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/80467 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/80461 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/80470 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/80460 | vdb-entry, x_refsource_OSVDB | |
| http://www.ieee-security.org/TC/SP2012/program.html | x_refsource_MISC | |
| http://osvdb.org/80468 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/80456 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/80457 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/80458 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/80454 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/80455 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/80459 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/80469 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/80471 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:00.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "80472",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80472"
},
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "52612",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52612"
},
{
"name": "80467",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80467"
},
{
"name": "80461",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80461"
},
{
"name": "80470",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80470"
},
{
"name": "80460",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80460"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "80468",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80468"
},
{
"name": "80456",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80456"
},
{
"name": "80457",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80457"
},
{
"name": "80458",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80458"
},
{
"name": "80454",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80454"
},
{
"name": "80455",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80455"
},
{
"name": "80459",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80459"
},
{
"name": "80469",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80469"
},
{
"name": "80471",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80471"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-07-28T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "80472",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80472"
},
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "52612",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52612"
},
{
"name": "80467",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80467"
},
{
"name": "80461",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80461"
},
{
"name": "80470",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80470"
},
{
"name": "80460",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80460"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "80468",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80468"
},
{
"name": "80456",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80456"
},
{
"name": "80457",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80457"
},
{
"name": "80458",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80458"
},
{
"name": "80454",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80454"
},
{
"name": "80455",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80455"
},
{
"name": "80459",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80459"
},
{
"name": "80469",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80469"
},
{
"name": "80471",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80471"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1443",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "80472",
"refsource": "OSVDB",
"url": "http://osvdb.org/80472"
},
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "52612",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52612"
},
{
"name": "80467",
"refsource": "OSVDB",
"url": "http://osvdb.org/80467"
},
{
"name": "80461",
"refsource": "OSVDB",
"url": "http://osvdb.org/80461"
},
{
"name": "80470",
"refsource": "OSVDB",
"url": "http://osvdb.org/80470"
},
{
"name": "80460",
"refsource": "OSVDB",
"url": "http://osvdb.org/80460"
},
{
"name": "http://www.ieee-security.org/TC/SP2012/program.html",
"refsource": "MISC",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "80468",
"refsource": "OSVDB",
"url": "http://osvdb.org/80468"
},
{
"name": "80456",
"refsource": "OSVDB",
"url": "http://osvdb.org/80456"
},
{
"name": "80457",
"refsource": "OSVDB",
"url": "http://osvdb.org/80457"
},
{
"name": "80458",
"refsource": "OSVDB",
"url": "http://osvdb.org/80458"
},
{
"name": "80454",
"refsource": "OSVDB",
"url": "http://osvdb.org/80454"
},
{
"name": "80455",
"refsource": "OSVDB",
"url": "http://osvdb.org/80455"
},
{
"name": "80459",
"refsource": "OSVDB",
"url": "http://osvdb.org/80459"
},
{
"name": "80469",
"refsource": "OSVDB",
"url": "http://osvdb.org/80469"
},
{
"name": "80471",
"refsource": "OSVDB",
"url": "http://osvdb.org/80471"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1443",
"datePublished": "2012-03-21T10:00:00",
"dateReserved": "2012-02-29T00:00:00",
"dateUpdated": "2024-08-06T19:01:00.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-1161
Vulnerability from cvelistv5
Published
2019-08-14 20:55
Modified
2024-08-04 18:06
Severity ?
EPSS score ?
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1161 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Forefront Endpoint Protection 2010 |
Version: N/A |
||||||||||||||||||||
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:06:31.818Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1161"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [],
"platforms": [
"Unknown"
],
"product": "Microsoft Forefront Endpoint Protection 2010",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"cpes": [],
"platforms": [
"Unknown"
],
"product": "Microsoft System Center Endpoint Protection",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"cpes": [],
"platforms": [
"Unknown"
],
"product": "Microsoft System Center 2012 R2 Endpoint Protection",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"cpes": [],
"platforms": [
"Unknown"
],
"product": "Microsoft Security Essentials",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"cpes": [],
"platforms": [
"Unknown"
],
"product": "Microsoft System Center 2012 Endpoint Protection",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"cpes": [],
"platforms": [
"Windows 10 Version 1703 for 32-bit Systems",
"Windows 10 Version 1703 for x64-based Systems",
"Windows 10 Version 1709 for 32-bit Systems",
"Windows 10 Version 1709 for x64-based Systems",
"Windows 10 for 32-bit Systems",
"Windows 10 for x64-based Systems",
"Windows 10 Version 1607 for 32-bit Systems",
"Windows 10 Version 1607 for x64-based Systems",
"Windows Server 2016",
"Windows Server 2016 (Server Core installation)",
"Windows 7 for 32-bit Systems Service Pack 1",
"Windows 7 for x64-based Systems Service Pack 1",
"Windows 8.1 for 32-bit systems",
"Windows 8.1 for x64-based systems",
"Windows RT 8.1",
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
"Windows Server 2008 for Itanium-Based Systems Service Pack 2",
"Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2012",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012 R2",
"Windows Server 2012 R2 (Server Core installation)"
],
"product": "Windows Defender",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"datePublic": "2019-08-13T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.\nTo exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted command that could exploit the vulnerability and delete protected files on an affected system once MpSigStub.exe ran again.\nThe update addresses the vulnerability and blocks the arbitrary deletion.\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T16:50:53.510Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1161"
}
],
"title": "Microsoft Defender Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-1161",
"datePublished": "2019-08-14T20:55:03",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T18:06:31.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-1163
Vulnerability from cvelistv5
Published
2020-06-09 19:43
Modified
2024-08-04 06:25
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Defender Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1170.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1163 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Forefront Endpoint Protection |
Version: 2010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:25:01.257Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1163"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Forefront Endpoint Protection",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2010"
}
]
},
{
"product": "Microsoft System Center",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Endpoint Protection"
},
{
"status": "affected",
"version": "2012 R2 Endpoint Protection"
},
{
"status": "affected",
"version": "2012 Endpoint Protection"
}
]
},
{
"product": "Microsoft Security Essentials",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1909 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1909 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1909 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server, version 1909 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1803 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1803 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server, version 1803 (Server Core Installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1803 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1809 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1809 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1809 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1709 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1709 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1709 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1903 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1903 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1607 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1607 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 7 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 1"
}
]
},
{
"product": "Windows Defender on Windows 7 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 1"
}
]
},
{
"product": "Windows Defender on Windows 8.1 for 32-bit systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 8.1 for x64-based systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows RT 8.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2008 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 2"
}
]
},
{
"product": "Windows Defender on Windows Server 2008 for 32-bit Systems (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 2"
}
]
},
{
"product": "Windows Defender on Windows Server 2008 for Itanium-Based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 2"
}
]
},
{
"product": "Windows Defender on Windows Server 2008 R2 for Itanium-Based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 1"
}
]
},
{
"product": "Windows Defender on Windows Server 2008 R2 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 1"
}
]
},
{
"product": "Windows Defender on Windows Server 2008 R2 for x64-based Systems (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 1"
}
]
},
{
"product": "Windows Defender on Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the vulnerability, an attacker would first have to log on to the system, aka \u0027Microsoft Windows Defender Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1170."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-09T19:43:17",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1163"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-1163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Forefront Endpoint Protection",
"version": {
"version_data": [
{
"version_value": "2010"
}
]
}
},
{
"product_name": "Microsoft System Center",
"version": {
"version_data": [
{
"version_value": "Endpoint Protection"
},
{
"version_value": "2012 R2 Endpoint Protection"
},
{
"version_value": "2012 Endpoint Protection"
}
]
}
},
{
"product_name": "Microsoft Security Essentials",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1909 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1909 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1909 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server, version 1909 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1803 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1803 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server, version 1803 (Server Core Installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1803 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1809 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1809 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1809 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2019",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2019 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1709 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1709 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1709 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1903 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1903 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1903 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server, version 1903 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1607 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1607 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2016",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2016 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 7 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": "Service Pack 1"
}
]
}
},
{
"product_name": "Windows Defender on Windows 7 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": "Service Pack 1"
}
]
}
},
{
"product_name": "Windows Defender on Windows 8.1 for 32-bit systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 8.1 for x64-based systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows RT 8.1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2008 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": "Service Pack 2"
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2008 for 32-bit Systems (Server Core installation)",
"version": {
"version_data": [
{
"version_value": "Service Pack 2"
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2008 for Itanium-Based Systems",
"version": {
"version_data": [
{
"version_value": "Service Pack 2"
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2008 R2 for Itanium-Based Systems",
"version": {
"version_data": [
{
"version_value": "Service Pack 1"
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2008 R2 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": "Service Pack 1"
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2008 R2 for x64-based Systems (Server Core installation)",
"version": {
"version_data": [
{
"version_value": "Service Pack 1"
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2012",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2012 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2012 R2",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2012 R2 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the vulnerability, an attacker would first have to log on to the system, aka \u0027Microsoft Windows Defender Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1170."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1163",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1163"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-1163",
"datePublished": "2020-06-09T19:43:17",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:25:01.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-1461
Vulnerability from cvelistv5
Published
2020-07-14 22:54
Modified
2024-08-04 06:39
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1461 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Forefront Endpoint Protection |
Version: 2010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:39:10.405Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1461"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Forefront Endpoint Protection",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2010"
}
]
},
{
"product": "Microsoft System Center",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Endpoint Protection"
},
{
"status": "affected",
"version": "2012 R2 Endpoint Protection"
},
{
"status": "affected",
"version": "2012 Endpoint Protection"
}
]
},
{
"product": "Microsoft Security Essentials",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1909 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1909 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1909 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server, version 1909 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1803 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1803 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server, version 1803 (Server Core Installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1803 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1809 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1809 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1809 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1709 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1709 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1709 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1903 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1903 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1607 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1607 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 7 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 1"
}
]
},
{
"product": "Windows Defender on Windows 7 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 1"
}
]
},
{
"product": "Windows Defender on Windows 8.1 for 32-bit systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 8.1 for x64-based systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows RT 8.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2008 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 2"
}
]
},
{
"product": "Windows Defender on Windows Server 2008 for 32-bit Systems (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 2"
}
]
},
{
"product": "Windows Defender on Windows Server 2008 for Itanium-Based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 2"
}
]
},
{
"product": "Windows Defender on Windows Server 2008 R2 for Itanium-Based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 1"
}
]
},
{
"product": "Windows Defender on Windows Server 2008 R2 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 1"
}
]
},
{
"product": "Windows Defender on Windows Server 2008 R2 for x64-based Systems (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 1"
}
]
},
{
"product": "Windows Defender on Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka \u0027Microsoft Defender Elevation of Privilege Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-14T22:54:51",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1461"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-1461",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Forefront Endpoint Protection",
"version": {
"version_data": [
{
"version_value": "2010"
}
]
}
},
{
"product_name": "Microsoft System Center",
"version": {
"version_data": [
{
"version_value": "Endpoint Protection"
},
{
"version_value": "2012 R2 Endpoint Protection"
},
{
"version_value": "2012 Endpoint Protection"
}
]
}
},
{
"product_name": "Microsoft Security Essentials",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1909 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1909 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1909 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server, version 1909 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1803 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1803 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server, version 1803 (Server Core Installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1803 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1809 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1809 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1809 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2019",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2019 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1709 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1709 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1709 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1903 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1903 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1903 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server, version 1903 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1607 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1607 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2016",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2016 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 7 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": "Service Pack 1"
}
]
}
},
{
"product_name": "Windows Defender on Windows 7 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": "Service Pack 1"
}
]
}
},
{
"product_name": "Windows Defender on Windows 8.1 for 32-bit systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 8.1 for x64-based systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows RT 8.1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2008 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": "Service Pack 2"
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2008 for 32-bit Systems (Server Core installation)",
"version": {
"version_data": [
{
"version_value": "Service Pack 2"
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2008 for Itanium-Based Systems",
"version": {
"version_data": [
{
"version_value": "Service Pack 2"
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2008 R2 for Itanium-Based Systems",
"version": {
"version_data": [
{
"version_value": "Service Pack 1"
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2008 R2 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": "Service Pack 1"
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2008 R2 for x64-based Systems (Server Core installation)",
"version": {
"version_data": [
{
"version_value": "Service Pack 1"
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2012",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2012 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2012 R2",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2012 R2 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka \u0027Microsoft Defender Elevation of Privilege Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1461",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1461"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-1461",
"datePublished": "2020-07-14T22:54:51",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:39:10.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8537
Vulnerability from cvelistv5
Published
2017-05-26 20:00
Modified
2024-08-05 16:41
Severity ?
EPSS score ?
Summary
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8539, and CVE-2017-8542.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/42081/ | exploit, x_refsource_EXPLOIT-DB | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8537 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98705 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1038571 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Malware Protection Engine |
Version: Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016. |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:41:23.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "42081",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/42081/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8537"
},
{
"name": "98705",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98705"
},
{
"name": "1038571",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038571"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Malware Protection Engine",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016."
}
]
}
],
"datePublic": "2017-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka \"Microsoft Malware Protection Engine Denial of Service Vulnerability\", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8539, and CVE-2017-8542."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Server",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-12T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "42081",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/42081/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8537"
},
{
"name": "98705",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98705"
},
{
"name": "1038571",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038571"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-8537",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Malware Protection Engine",
"version": {
"version_data": [
{
"version_value": "Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka \"Microsoft Malware Protection Engine Denial of Service Vulnerability\", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8539, and CVE-2017-8542."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Server"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42081",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42081/"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8537",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8537"
},
{
"name": "98705",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98705"
},
{
"name": "1038571",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038571"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-8537",
"datePublished": "2017-05-26T20:00:00",
"dateReserved": "2017-05-03T00:00:00",
"dateUpdated": "2024-08-05T16:41:23.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8535
Vulnerability from cvelistv5
Published
2017-05-26 20:00
Modified
2024-08-05 16:41
Severity ?
EPSS score ?
Summary
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8536, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/42081/ | exploit, x_refsource_EXPLOIT-DB | |
| http://www.securityfocus.com/bid/98702 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8535 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1038571 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Malware Protection Engine |
Version: Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016. |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:41:23.020Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "42081",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/42081/"
},
{
"name": "98702",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98702"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8535"
},
{
"name": "1038571",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038571"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Malware Protection Engine",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016."
}
]
}
],
"datePublic": "2017-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka \"Microsoft Malware Protection Engine Denial of Service Vulnerability\", a different vulnerability than CVE-2017-8536, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Server",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-12T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "42081",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/42081/"
},
{
"name": "98702",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98702"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8535"
},
{
"name": "1038571",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038571"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-8535",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Malware Protection Engine",
"version": {
"version_data": [
{
"version_value": "Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka \"Microsoft Malware Protection Engine Denial of Service Vulnerability\", a different vulnerability than CVE-2017-8536, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Server"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42081",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42081/"
},
{
"name": "98702",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98702"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8535",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8535"
},
{
"name": "1038571",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038571"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-8535",
"datePublished": "2017-05-26T20:00:00",
"dateReserved": "2017-05-03T00:00:00",
"dateUpdated": "2024-08-05T16:41:23.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-1170
Vulnerability from cvelistv5
Published
2020-06-09 19:43
Modified
2024-08-04 06:25
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Defender Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1163.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Forefront Endpoint Protection |
Version: 2010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:25:01.220Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1170"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/160919/Cloud-Filter-Arbitrary-File-Creation-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Forefront Endpoint Protection",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2010"
}
]
},
{
"product": "Microsoft System Center",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Endpoint Protection"
},
{
"status": "affected",
"version": "2012 R2 Endpoint Protection"
},
{
"status": "affected",
"version": "2012 Endpoint Protection"
}
]
},
{
"product": "Microsoft Security Essentials",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1803 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1803 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server, version 1803 (Server Core Installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1803 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1809 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1809 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1809 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1909 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1909 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1909 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server, version 1909 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1709 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1709 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1709 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1903 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1903 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1607 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1607 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 7 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 1"
}
]
},
{
"product": "Windows Defender on Windows 7 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 1"
}
]
},
{
"product": "Windows Defender on Windows 8.1 for 32-bit systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 8.1 for x64-based systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows RT 8.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2008 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 2"
}
]
},
{
"product": "Windows Defender on Windows Server 2008 for 32-bit Systems (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 2"
}
]
},
{
"product": "Windows Defender on Windows Server 2008 for Itanium-Based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 2"
}
]
},
{
"product": "Windows Defender on Windows Server 2008 R2 for Itanium-Based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 1"
}
]
},
{
"product": "Windows Defender on Windows Server 2008 R2 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 1"
}
]
},
{
"product": "Windows Defender on Windows Server 2008 R2 for x64-based Systems (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 1"
}
]
},
{
"product": "Windows Defender on Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the vulnerability, an attacker would first have to log on to the system, aka \u0027Microsoft Windows Defender Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1163."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-12T17:06:07",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1170"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/160919/Cloud-Filter-Arbitrary-File-Creation-Privilege-Escalation.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-1170",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Forefront Endpoint Protection",
"version": {
"version_data": [
{
"version_value": "2010"
}
]
}
},
{
"product_name": "Microsoft System Center",
"version": {
"version_data": [
{
"version_value": "Endpoint Protection"
},
{
"version_value": "2012 R2 Endpoint Protection"
},
{
"version_value": "2012 Endpoint Protection"
}
]
}
},
{
"product_name": "Microsoft Security Essentials",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1803 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1803 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server, version 1803 (Server Core Installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1803 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1809 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1809 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1809 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2019",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2019 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1909 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1909 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1909 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server, version 1909 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1709 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1709 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1709 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1903 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1903 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1903 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server, version 1903 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1607 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1607 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2016",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2016 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 7 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": "Service Pack 1"
}
]
}
},
{
"product_name": "Windows Defender on Windows 7 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": "Service Pack 1"
}
]
}
},
{
"product_name": "Windows Defender on Windows 8.1 for 32-bit systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 8.1 for x64-based systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows RT 8.1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2008 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": "Service Pack 2"
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2008 for 32-bit Systems (Server Core installation)",
"version": {
"version_data": [
{
"version_value": "Service Pack 2"
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2008 for Itanium-Based Systems",
"version": {
"version_data": [
{
"version_value": "Service Pack 2"
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2008 R2 for Itanium-Based Systems",
"version": {
"version_data": [
{
"version_value": "Service Pack 1"
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2008 R2 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": "Service Pack 1"
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2008 R2 for x64-based Systems (Server Core installation)",
"version": {
"version_data": [
{
"version_value": "Service Pack 1"
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2012",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2012 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2012 R2",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2012 R2 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the vulnerability, an attacker would first have to log on to the system, aka \u0027Microsoft Windows Defender Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1163."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1170",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1170"
},
{
"name": "http://packetstormsecurity.com/files/160919/Cloud-Filter-Arbitrary-File-Creation-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/160919/Cloud-Filter-Arbitrary-File-Creation-Privilege-Escalation.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-1170",
"datePublished": "2020-06-09T19:43:17",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:25:01.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1453
Vulnerability from cvelistv5
Published
2012-03-21 10:00
Modified
2024-08-06 19:01
Severity ?
EPSS score ?
Summary
The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/522005 | mailing-list, x_refsource_BUGTRAQ | |
| http://osvdb.org/80487 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/80484 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/80482 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/80489 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/80488 | vdb-entry, x_refsource_OSVDB | |
| http://www.ieee-security.org/TC/SP2012/program.html | x_refsource_MISC | |
| http://osvdb.org/80486 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/52621 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/80483 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/80485 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:01.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "80487",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80487"
},
{
"name": "80484",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80484"
},
{
"name": "80482",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80482"
},
{
"name": "80489",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80489"
},
{
"name": "80488",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80488"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "80486",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80486"
},
{
"name": "52621",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52621"
},
{
"name": "80483",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80483"
},
{
"name": "80485",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80485"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-07-28T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "80487",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80487"
},
{
"name": "80484",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80484"
},
{
"name": "80482",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80482"
},
{
"name": "80489",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80489"
},
{
"name": "80488",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80488"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "80486",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80486"
},
{
"name": "52621",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52621"
},
{
"name": "80483",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80483"
},
{
"name": "80485",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80485"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "80487",
"refsource": "OSVDB",
"url": "http://osvdb.org/80487"
},
{
"name": "80484",
"refsource": "OSVDB",
"url": "http://osvdb.org/80484"
},
{
"name": "80482",
"refsource": "OSVDB",
"url": "http://osvdb.org/80482"
},
{
"name": "80489",
"refsource": "OSVDB",
"url": "http://osvdb.org/80489"
},
{
"name": "80488",
"refsource": "OSVDB",
"url": "http://osvdb.org/80488"
},
{
"name": "http://www.ieee-security.org/TC/SP2012/program.html",
"refsource": "MISC",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "80486",
"refsource": "OSVDB",
"url": "http://osvdb.org/80486"
},
{
"name": "52621",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52621"
},
{
"name": "80483",
"refsource": "OSVDB",
"url": "http://osvdb.org/80483"
},
{
"name": "80485",
"refsource": "OSVDB",
"url": "http://osvdb.org/80485"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1453",
"datePublished": "2012-03-21T10:00:00",
"dateReserved": "2012-02-29T00:00:00",
"dateUpdated": "2024-08-06T19:01:01.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-1255
Vulnerability from cvelistv5
Published
2019-09-23 19:14
Modified
2024-08-04 18:13
Severity ?
EPSS score ?
Summary
A denial of service vulnerability exists when Microsoft Defender improperly handles files, aka 'Microsoft Defender Denial of Service Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1255 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Security Essentials |
Version: unspecified |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:13:29.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1255"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Security Essentials",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft System Center",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2012 Endpoint Protection"
},
{
"status": "affected",
"version": "Endpoint Protection"
},
{
"status": "affected",
"version": "2012 R2 Endpoint Protection"
}
]
},
{
"product": "Microsoft Forefront Endpoint Protection",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2010"
}
]
},
{
"product": "Windows Defender on Windows 7 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 1"
}
]
},
{
"product": "Windows Defender on Windows 7 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 1"
}
]
},
{
"product": "Windows Defender on Windows Server 2008 R2 for x64-based Systems (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 1"
}
]
},
{
"product": "Windows Defender on Windows Server 2008 R2 for Itanium-Based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 1"
}
]
},
{
"product": "Windows Defender on Windows Server 2008 R2 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 1"
}
]
},
{
"product": "Windows Defender on Windows Server 2008 for 32-bit Systems (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 2"
}
]
},
{
"product": "Windows Defender on Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 8.1 for 32-bit systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 8.1 for x64-based systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows RT 8.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1607 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1607 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1703 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1703 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1709 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1709 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1803 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1803 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server, version 1803 (Server Core Installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1803 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1809 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1809 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1809 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1709 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1903 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1903 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2008 for Itanium-Based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 2"
}
]
},
{
"product": "Windows Defender on Windows Server 2008 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability exists when Microsoft Defender improperly handles files, aka \u0027Microsoft Defender Denial of Service Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-23T19:14:38",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1255"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-1255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Security Essentials",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft System Center",
"version": {
"version_data": [
{
"version_value": "2012 Endpoint Protection"
},
{
"version_value": "Endpoint Protection"
},
{
"version_value": "2012 R2 Endpoint Protection"
}
]
}
},
{
"product_name": "Microsoft Forefront Endpoint Protection",
"version": {
"version_data": [
{
"version_value": "2010"
}
]
}
},
{
"product_name": "Windows Defender on Windows 7 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": "Service Pack 1"
}
]
}
},
{
"product_name": "Windows Defender on Windows 7 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": "Service Pack 1"
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2008 R2 for x64-based Systems (Server Core installation)",
"version": {
"version_data": [
{
"version_value": "Service Pack 1"
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2008 R2 for Itanium-Based Systems",
"version": {
"version_data": [
{
"version_value": "Service Pack 1"
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2008 R2 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": "Service Pack 1"
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2008 for 32-bit Systems (Server Core installation)",
"version": {
"version_data": [
{
"version_value": "Service Pack 2"
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2012",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2012 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 8.1 for 32-bit systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 8.1 for x64-based systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2012 R2",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows RT 8.1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2012 R2 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2016",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1607 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1607 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2016 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1703 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1703 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1709 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1709 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1803 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1803 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server, version 1803 (Server Core Installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1803 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1809 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1809 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1809 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2019",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2019 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1709 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1903 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1903 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows 10 Version 1903 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server, version 1903 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2008 for Itanium-Based Systems",
"version": {
"version_data": [
{
"version_value": "Service Pack 2"
}
]
}
},
{
"product_name": "Windows Defender on Windows Server 2008 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": "Service Pack 2"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability exists when Microsoft Defender improperly handles files, aka \u0027Microsoft Defender Denial of Service Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1255",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1255"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-1255",
"datePublished": "2019-09-23T19:14:38",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T18:13:29.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8536
Vulnerability from cvelistv5
Published
2017-05-26 20:00
Modified
2024-08-05 16:41
Severity ?
EPSS score ?
Summary
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/42081/ | exploit, x_refsource_EXPLOIT-DB | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8536 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98708 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1038571 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Malware Protection Engine |
Version: Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016. |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:41:23.191Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "42081",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/42081/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8536"
},
{
"name": "98708",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98708"
},
{
"name": "1038571",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038571"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Malware Protection Engine",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016."
}
]
}
],
"datePublic": "2017-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka \"Microsoft Malware Protection Engine Denial of Service Vulnerability\", a different vulnerability than CVE-2017-8535, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Server",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-12T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "42081",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/42081/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8536"
},
{
"name": "98708",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98708"
},
{
"name": "1038571",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038571"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-8536",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Malware Protection Engine",
"version": {
"version_data": [
{
"version_value": "Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka \"Microsoft Malware Protection Engine Denial of Service Vulnerability\", a different vulnerability than CVE-2017-8535, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Server"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42081",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42081/"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8536",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8536"
},
{
"name": "98708",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98708"
},
{
"name": "1038571",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038571"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-8536",
"datePublished": "2017-05-26T20:00:00",
"dateReserved": "2017-05-03T00:00:00",
"dateUpdated": "2024-08-05T16:41:23.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1459
Vulnerability from cvelistv5
Published
2012-03-21 10:00
Modified
2024-08-06 19:01
Severity ?
EPSS score ?
Summary
The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html | vendor-advisory, x_refsource_SUSE | |
| http://osvdb.org/80406 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/80393 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/archive/1/522005 | mailing-list, x_refsource_BUGTRAQ | |
| http://osvdb.org/80403 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/80389 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/80391 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/80409 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/80396 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/74302 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/80392 | vdb-entry, x_refsource_OSVDB | |
| http://www.ieee-security.org/TC/SP2012/program.html | x_refsource_MISC | |
| http://osvdb.org/80390 | vdb-entry, x_refsource_OSVDB | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2012:094 | vendor-advisory, x_refsource_MANDRIVA | |
| http://osvdb.org/80407 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/80395 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/52623 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:01.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2012:0833",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html"
},
{
"name": "80406",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80406"
},
{
"name": "80393",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80393"
},
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "80403",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80403"
},
{
"name": "80389",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80389"
},
{
"name": "80391",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80391"
},
{
"name": "80409",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80409"
},
{
"name": "80396",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80396"
},
{
"name": "multiple-av-tar-header-evasion(74302)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74302"
},
{
"name": "80392",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80392"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "80390",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80390"
},
{
"name": "MDVSA-2012:094",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:094"
},
{
"name": "80407",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80407"
},
{
"name": "80395",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80395"
},
{
"name": "52623",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52623"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-17T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2012:0833",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html"
},
{
"name": "80406",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80406"
},
{
"name": "80393",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80393"
},
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "80403",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80403"
},
{
"name": "80389",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80389"
},
{
"name": "80391",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80391"
},
{
"name": "80409",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80409"
},
{
"name": "80396",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80396"
},
{
"name": "multiple-av-tar-header-evasion(74302)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74302"
},
{
"name": "80392",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80392"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "80390",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80390"
},
{
"name": "MDVSA-2012:094",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:094"
},
{
"name": "80407",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80407"
},
{
"name": "80395",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80395"
},
{
"name": "52623",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52623"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1459",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2012:0833",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html"
},
{
"name": "80406",
"refsource": "OSVDB",
"url": "http://osvdb.org/80406"
},
{
"name": "80393",
"refsource": "OSVDB",
"url": "http://osvdb.org/80393"
},
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "80403",
"refsource": "OSVDB",
"url": "http://osvdb.org/80403"
},
{
"name": "80389",
"refsource": "OSVDB",
"url": "http://osvdb.org/80389"
},
{
"name": "80391",
"refsource": "OSVDB",
"url": "http://osvdb.org/80391"
},
{
"name": "80409",
"refsource": "OSVDB",
"url": "http://osvdb.org/80409"
},
{
"name": "80396",
"refsource": "OSVDB",
"url": "http://osvdb.org/80396"
},
{
"name": "multiple-av-tar-header-evasion(74302)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74302"
},
{
"name": "80392",
"refsource": "OSVDB",
"url": "http://osvdb.org/80392"
},
{
"name": "http://www.ieee-security.org/TC/SP2012/program.html",
"refsource": "MISC",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "80390",
"refsource": "OSVDB",
"url": "http://osvdb.org/80390"
},
{
"name": "MDVSA-2012:094",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:094"
},
{
"name": "80407",
"refsource": "OSVDB",
"url": "http://osvdb.org/80407"
},
{
"name": "80395",
"refsource": "OSVDB",
"url": "http://osvdb.org/80395"
},
{
"name": "52623",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52623"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1459",
"datePublished": "2012-03-21T10:00:00",
"dateReserved": "2012-02-29T00:00:00",
"dateUpdated": "2024-08-06T19:01:01.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-0037
Vulnerability from cvelistv5
Published
2011-02-25 17:00
Modified
2024-08-06 21:43
Severity ?
EPSS score ?
Summary
Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.microsoft.com/technet/security/advisory/2491888.mspx | x_refsource_CONFIRM | |
| http://secunia.com/advisories/43468 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/46540 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2011/0486 | vdb-entry, x_refsource_VUPEN | |
| http://securitytracker.com/id?1025117 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/65626 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:43:15.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.microsoft.com/technet/security/advisory/2491888.mspx"
},
{
"name": "43468",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43468"
},
{
"name": "46540",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46540"
},
{
"name": "ADV-2011-0486",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0486"
},
{
"name": "1025117",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025117"
},
{
"name": "ms-malware-engine-priv-esc(65626)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65626"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.microsoft.com/technet/security/advisory/2491888.mspx"
},
{
"name": "43468",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43468"
},
{
"name": "46540",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46540"
},
{
"name": "ADV-2011-0486",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0486"
},
{
"name": "1025117",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025117"
},
{
"name": "ms-malware-engine-priv-esc(65626)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65626"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-0037",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.microsoft.com/technet/security/advisory/2491888.mspx",
"refsource": "CONFIRM",
"url": "http://www.microsoft.com/technet/security/advisory/2491888.mspx"
},
{
"name": "43468",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43468"
},
{
"name": "46540",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46540"
},
{
"name": "ADV-2011-0486",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0486"
},
{
"name": "1025117",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025117"
},
{
"name": "ms-malware-engine-priv-esc(65626)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65626"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2011-0037",
"datePublished": "2011-02-25T17:00:00",
"dateReserved": "2010-12-10T00:00:00",
"dateUpdated": "2024-08-06T21:43:15.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0986
Vulnerability from cvelistv5
Published
2018-04-04 17:00
Modified
2024-08-05 03:44
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability." This affects Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsoft Exchange Server, Microsoft System Center, Microsoft Forefront Endpoint Protection.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1040631 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/103593 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0986 | x_refsource_CONFIRM | |
| https://www.exploit-db.com/exploits/44402/ | exploit, x_refsource_EXPLOIT-DB |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Windows Defender |
Version: Windows 10 for 32-bit Systems Version: Windows 10 for x64-based Systems Version: Windows 10 Version 1511 for 32-bit Systems Version: Windows 10 Version 1511 for x64-based Systems Version: Windows 10 Version 1607 for 32-bit Systems Version: Windows 10 Version 1607 for x64-based Systems Version: Windows 10 Version 1703 for 32-bit Systems Version: Windows 10 Version 1703 for x64-based Systems Version: Windows 10 Version 1709 for 32-bit Systems Version: Windows 10 Version 1709 for x64-based Systems Version: Windows 7 for 32-bit Systems Service Pack 1 Version: Windows 7 for x64-based Systems Service Pack 1 Version: Windows 8.1 for 32-bit systems Version: Windows 8.1 for x64-based systems Version: Windows RT 8.1 Version: Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Version: Windows Server 2008 R2 for x64-based Systems Service Pack 1 Version: Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Version: Windows Server 2012 Version: Windows Server 2012 (Server Core installation) Version: Windows Server 2012 R2 Version: Windows Server 2012 R2 (Server Core installation) Version: Windows Server 2016 Version: Windows Server 2016 (Server Core installation) Version: Windows Server, version 1709 (Server Core Installation) |
||||||||||||||||||||||||
|
|||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:44:11.806Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040631",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040631"
},
{
"name": "103593",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103593"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0986"
},
{
"name": "44402",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44402/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Windows Defender",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows 10 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1511 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1511 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1607 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1607 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1703 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1703 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1709 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1709 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows 8.1 for 32-bit systems"
},
{
"status": "affected",
"version": "Windows 8.1 for x64-based systems"
},
{
"status": "affected",
"version": "Windows RT 8.1"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows Server 2012"
},
{
"status": "affected",
"version": "Windows Server 2012 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows Server 2012 R2"
},
{
"status": "affected",
"version": "Windows Server 2012 R2 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows Server 2016"
},
{
"status": "affected",
"version": "Windows Server 2016 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows Server, version 1709 (Server Core Installation)"
}
]
},
{
"product": "Windows Intune Endpoint Protection",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows Intune Endpoint Protection"
}
]
},
{
"product": "Microsoft Security Essentials",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Microsoft Security Essentials"
}
]
},
{
"product": "Microsoft System Center Endpoint Protection",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Microsoft System Center Endpoint Protection"
}
]
},
{
"product": "Microsoft Exchange Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2013"
},
{
"status": "affected",
"version": "2016"
}
]
},
{
"product": "Microsoft System Center",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2012 Endpoint Protection"
},
{
"status": "affected",
"version": "2012 R2 Endpoint Protection"
}
]
},
{
"product": "Microsoft Forefront Endpoint Protection",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2010"
}
]
}
],
"datePublic": "2018-04-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption, aka \"Microsoft Malware Protection Engine Remote Code Execution Vulnerability.\" This affects Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsoft Exchange Server, Microsoft System Center, Microsoft Forefront Endpoint Protection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-12T00:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1040631",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040631"
},
{
"name": "103593",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103593"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0986"
},
{
"name": "44402",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44402/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-0986",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows Defender",
"version": {
"version_data": [
{
"version_value": "Windows 10 for 32-bit Systems"
},
{
"version_value": "Windows 10 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1511 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1511 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows 8.1 for 32-bit systems"
},
{
"version_value": "Windows 8.1 for x64-based systems"
},
{
"version_value": "Windows RT 8.1"
},
{
"version_value": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"version_value": "Windows Server 2012"
},
{
"version_value": "Windows Server 2012 (Server Core installation)"
},
{
"version_value": "Windows Server 2012 R2"
},
{
"version_value": "Windows Server 2012 R2 (Server Core installation)"
},
{
"version_value": "Windows Server 2016"
},
{
"version_value": "Windows Server 2016 (Server Core installation)"
},
{
"version_value": "Windows Server, version 1709 (Server Core Installation)"
}
]
}
},
{
"product_name": "Windows Intune Endpoint Protection",
"version": {
"version_data": [
{
"version_value": "Windows Intune Endpoint Protection"
}
]
}
},
{
"product_name": "Microsoft Security Essentials",
"version": {
"version_data": [
{
"version_value": "Microsoft Security Essentials"
}
]
}
},
{
"product_name": "Microsoft System Center Endpoint Protection",
"version": {
"version_data": [
{
"version_value": "Microsoft System Center Endpoint Protection"
}
]
}
},
{
"product_name": "Microsoft Exchange Server",
"version": {
"version_data": [
{
"version_value": "2013"
},
{
"version_value": "2016"
}
]
}
},
{
"product_name": "Microsoft System Center",
"version": {
"version_data": [
{
"version_value": "2012 Endpoint Protection"
},
{
"version_value": "2012 R2 Endpoint Protection"
}
]
}
},
{
"product_name": "Microsoft Forefront Endpoint Protection",
"version": {
"version_data": [
{
"version_value": "2010"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption, aka \"Microsoft Malware Protection Engine Remote Code Execution Vulnerability.\" This affects Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsoft Exchange Server, Microsoft System Center, Microsoft Forefront Endpoint Protection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040631",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040631"
},
{
"name": "103593",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103593"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0986",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0986"
},
{
"name": "44402",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44402/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-0986",
"datePublished": "2018-04-04T17:00:00",
"dateReserved": "2017-12-01T00:00:00",
"dateUpdated": "2024-08-05T03:44:11.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8540
Vulnerability from cvelistv5
Published
2017-05-26 20:00
Modified
2024-08-05 16:41
Severity ?
EPSS score ?
Summary
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8538 and CVE-2017-8541.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8540 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98703 | vdb-entry, x_refsource_BID | |
| https://www.exploit-db.com/exploits/42088/ | exploit, x_refsource_EXPLOIT-DB | |
| http://www.securitytracker.com/id/1038571 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | Malware Protection Engine |
Version: Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016. |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:41:23.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8540"
},
{
"name": "98703",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98703"
},
{
"name": "42088",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/42088/"
},
{
"name": "1038571",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038571"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Malware Protection Engine",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016."
}
]
}
],
"datePublic": "2017-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka \"Microsoft Malware Protection Engine Remote Code Execution Vulnerability\", a different vulnerability than CVE-2017-8538 and CVE-2017-8541."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-12T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8540"
},
{
"name": "98703",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98703"
},
{
"name": "42088",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/42088/"
},
{
"name": "1038571",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038571"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-8540",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Malware Protection Engine",
"version": {
"version_data": [
{
"version_value": "Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka \"Microsoft Malware Protection Engine Remote Code Execution Vulnerability\", a different vulnerability than CVE-2017-8538 and CVE-2017-8541."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8540",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8540"
},
{
"name": "98703",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98703"
},
{
"name": "42088",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42088/"
},
{
"name": "1038571",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038571"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-8540",
"datePublished": "2017-05-26T20:00:00",
"dateReserved": "2017-05-03T00:00:00",
"dateUpdated": "2024-08-05T16:41:23.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1420
Vulnerability from cvelistv5
Published
2012-03-21 10:00
Modified
2024-08-06 18:53
Severity ?
EPSS score ?
Summary
The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \7fELF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/80406 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/archive/1/522005 | mailing-list, x_refsource_BUGTRAQ | |
| http://osvdb.org/80403 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/80409 | vdb-entry, x_refsource_OSVDB | |
| http://www.ieee-security.org/TC/SP2012/program.html | x_refsource_MISC | |
| http://osvdb.org/80407 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:53:37.450Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "80406",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80406"
},
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "80403",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80403"
},
{
"name": "80409",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80409"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "80407",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80407"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \\7fELF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-13T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "80406",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80406"
},
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "80403",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80403"
},
{
"name": "80409",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80409"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "80407",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80407"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1420",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \\7fELF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "80406",
"refsource": "OSVDB",
"url": "http://osvdb.org/80406"
},
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "80403",
"refsource": "OSVDB",
"url": "http://osvdb.org/80403"
},
{
"name": "80409",
"refsource": "OSVDB",
"url": "http://osvdb.org/80409"
},
{
"name": "http://www.ieee-security.org/TC/SP2012/program.html",
"refsource": "MISC",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "80407",
"refsource": "OSVDB",
"url": "http://osvdb.org/80407"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1420",
"datePublished": "2012-03-21T10:00:00",
"dateReserved": "2012-02-29T00:00:00",
"dateUpdated": "2024-08-06T18:53:37.450Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2017-05-26 20:29
Modified
2024-11-21 03:34
Severity ?
Summary
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8536, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/98702 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1038571 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8535 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://www.exploit-db.com/exploits/42081/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98702 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038571 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8535 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/42081/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_defender | - | |
| microsoft | windows_10 | - | |
| microsoft | windows_10 | 1511 | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1703 | |
| microsoft | windows_7 | - | |
| microsoft | windows_8.1 | - | |
| microsoft | windows_rt_8.1 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2016 | - | |
| microsoft | endpoint_protection | - | |
| microsoft | exchange_server | 2013 | |
| microsoft | exchange_server | 2016 | |
| microsoft | forefront_endpoint_protection | - | |
| microsoft | forefront_endpoint_protection | 2010 | |
| microsoft | security_essentials | - | |
| microsoft | system_center_endpoint_protection | - | |
| microsoft | windows_intune_endpoint_protection | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:windows_defender:-:*:*:*:*:*:*:*",
"matchCriteriaId": "794244D1-F317-44C8-8338-3DA74E71D4B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
"matchCriteriaId": "232581CC-130A-4C62-A7E9-2EC9A9364D53",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
"matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
"matchCriteriaId": "AEE2E768-0F45-46E1-B6D7-087917109D98",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*",
"matchCriteriaId": "B320A104-9037-487E-BC9A-62B4A6B49FD0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:endpoint_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC297F51-9742-43A2-8783-53B7E4D5E435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:-:*:*:*:*:*:*",
"matchCriteriaId": "27EF8DB7-D5A0-47A8-9F69-7D0259490D69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:-:*:*:*:*:*:*",
"matchCriteriaId": "8039FBA1-73D4-4FF2-B183-0DCC961CBFF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:forefront_endpoint_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC9503E8-6282-4F3A-A6DA-0FA8A9BD941B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:forefront_endpoint_protection:2010:*:*:*:*:*:*:*",
"matchCriteriaId": "E55E0DDF-4D05-4E5F-BC54-790A722E87A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:security_essentials:-:*:*:*:*:*:*:*",
"matchCriteriaId": "20FBA682-B703-4590-98E4-8897EED11DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_endpoint_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "194DE421-9536-4001-9A27-6C88805421EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:windows_intune_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D46404B0-83D5-4E54-8944-C8734645B80E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka \"Microsoft Malware Protection Engine Denial of Service Vulnerability\", a different vulnerability than CVE-2017-8536, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542."
},
{
"lang": "es",
"value": "El Motor de Protecci\u00f3n de Malware de Microsoft se ejecuta en Microsoft Forefront y Microsoft Defender en Microsoft Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607 y 1703 y Windows Server 2016, Microsoft Exchange Server 2013 y 2016, no analiza apropiadamente un archivo especialmente creado que conlleva a la denegaci\u00f3n de servicio. Tambi\u00e9n se conoce como \"Microsoft Malware Protection Engine Denial of Service Vulnerability\", una vulnerabilidad diferente de los CVE-2017-8536, CVE-2017-8537, CVE-2017-8539 y CVE-2017-8542."
}
],
"id": "CVE-2017-8535",
"lastModified": "2024-11-21T03:34:12.583",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-26T20:29:00.210",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98702"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038571"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8535"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/42081/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98702"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038571"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8535"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/42081/"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-369"
},
{
"lang": "en",
"value": "CWE-476"
},
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-26 20:29
Modified
2024-11-21 03:34
Severity ?
Summary
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8538 and CVE-2017-8541.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/98703 | Broken Link, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1038571 | Broken Link, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8540 | Mitigation, Patch, Vendor Advisory | |
| secure@microsoft.com | https://www.exploit-db.com/exploits/42088/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98703 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038571 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8540 | Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/42088/ | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | malware_protection_engine | * | |
| microsoft | windows_10_1507 | - | |
| microsoft | windows_10_1511 | - | |
| microsoft | windows_10_1607 | - | |
| microsoft | windows_10_1703 | - | |
| microsoft | windows_7 | - | |
| microsoft | windows_8.1 | - | |
| microsoft | windows_rt_8.1 | - | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | windows_server_2016 | - | |
| microsoft | endpoint_protection | - | |
| microsoft | exchange_server | 2013 | |
| microsoft | exchange_server | 2016 | |
| microsoft | forefront_endpoint_protection | - | |
| microsoft | forefront_endpoint_protection | 2010 | |
| microsoft | forefront_security | - | |
| microsoft | intune_endpoint_protection | - | |
| microsoft | security_essentials | - | |
| microsoft | system_center_endpoint_protection | - | |
| microsoft | windows_defender | - |
{
"cisaActionDue": "2022-03-24",
"cisaExploitAdd": "2022-03-03",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:malware_protection_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "232A1DC9-D943-407F-B82C-3D7522E19A18",
"versionEndExcluding": "1.1.13704.0",
"versionStartIncluding": "1.1.13701.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:*",
"matchCriteriaId": "542DAEEC-73CC-46C6-A630-BF474A3446AC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1511:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A8E9D99-BD78-4340-88F2-5AFF27AC37C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61019899-D7AF-46E4-A72C-D189180F66AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E1DD582C-1660-4E6E-81A1-537BD1307A99",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:endpoint_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC297F51-9742-43A2-8783-53B7E4D5E435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:-:*:*:*:*:*:*",
"matchCriteriaId": "27EF8DB7-D5A0-47A8-9F69-7D0259490D69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:-:*:*:*:*:*:*",
"matchCriteriaId": "8039FBA1-73D4-4FF2-B183-0DCC961CBFF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:forefront_endpoint_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC9503E8-6282-4F3A-A6DA-0FA8A9BD941B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:forefront_endpoint_protection:2010:*:*:*:*:*:*:*",
"matchCriteriaId": "E55E0DDF-4D05-4E5F-BC54-790A722E87A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:forefront_security:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB6F1182-AC87-4A8E-841D-25C94DD7116A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:intune_endpoint_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFC8E84F-EEC0-4803-9779-8A49658F2180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:security_essentials:-:*:*:*:*:*:*:*",
"matchCriteriaId": "20FBA682-B703-4590-98E4-8897EED11DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_endpoint_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "194DE421-9536-4001-9A27-6C88805421EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:windows_defender:-:*:*:*:*:*:*:*",
"matchCriteriaId": "794244D1-F317-44C8-8338-3DA74E71D4B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka \"Microsoft Malware Protection Engine Remote Code Execution Vulnerability\", a different vulnerability than CVE-2017-8538 and CVE-2017-8541."
},
{
"lang": "es",
"value": "El Motor de Protecci\u00f3n de Malware de Microsoft ejecutado en Microsoft Forefront y Microsoft Defender en Microsoft Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows versi\u00f3n 8.1, Windows Server 2012 versi\u00f3n Gold y R2, Windows RT versi\u00f3n 8.1, Windows 10 versiones Gold, 1511, 1607 y 1703 y Windows Server 2016, Microsoft Exchange Server 2013 y 2016, no analiza apropiadamente un archivo especialmente dise\u00f1ado conllevando a una corrupci\u00f3n de memoria. tambi\u00e9n se conoce como \"Microsoft Malware Protection Engine Remote Code Execution Vulnerability\", una vulnerabilidad diferente de CVE-2017-8538 y CVE-2017-8541."
}
],
"id": "CVE-2017-8540",
"lastModified": "2024-11-21T03:34:13.290",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-26T20:29:00.427",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98703"
},
{
"source": "secure@microsoft.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038571"
},
{
"source": "secure@microsoft.com",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8540"
},
{
"source": "secure@microsoft.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/42088/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038571"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8540"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/42088/"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-26 20:29
Modified
2024-11-21 03:34
Severity ?
Summary
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/98708 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1038571 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8536 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://www.exploit-db.com/exploits/42081/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98708 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038571 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8536 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/42081/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_defender | - | |
| microsoft | windows_10 | - | |
| microsoft | windows_10 | 1511 | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1703 | |
| microsoft | windows_7 | - | |
| microsoft | windows_8.1 | - | |
| microsoft | windows_rt_8.1 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2016 | - | |
| microsoft | endpoint_protection | - | |
| microsoft | exchange_server | 2013 | |
| microsoft | exchange_server | 2016 | |
| microsoft | forefront_endpoint_protection | - | |
| microsoft | forefront_endpoint_protection | 2010 | |
| microsoft | security_essentials | - | |
| microsoft | system_center_endpoint_protection | - | |
| microsoft | windows_intune_endpoint_protection | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:windows_defender:-:*:*:*:*:*:*:*",
"matchCriteriaId": "794244D1-F317-44C8-8338-3DA74E71D4B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
"matchCriteriaId": "232581CC-130A-4C62-A7E9-2EC9A9364D53",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
"matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
"matchCriteriaId": "AEE2E768-0F45-46E1-B6D7-087917109D98",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*",
"matchCriteriaId": "B320A104-9037-487E-BC9A-62B4A6B49FD0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:endpoint_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC297F51-9742-43A2-8783-53B7E4D5E435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:-:*:*:*:*:*:*",
"matchCriteriaId": "27EF8DB7-D5A0-47A8-9F69-7D0259490D69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:-:*:*:*:*:*:*",
"matchCriteriaId": "8039FBA1-73D4-4FF2-B183-0DCC961CBFF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:forefront_endpoint_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC9503E8-6282-4F3A-A6DA-0FA8A9BD941B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:forefront_endpoint_protection:2010:*:*:*:*:*:*:*",
"matchCriteriaId": "E55E0DDF-4D05-4E5F-BC54-790A722E87A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:security_essentials:-:*:*:*:*:*:*:*",
"matchCriteriaId": "20FBA682-B703-4590-98E4-8897EED11DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_endpoint_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "194DE421-9536-4001-9A27-6C88805421EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:windows_intune_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D46404B0-83D5-4E54-8944-C8734645B80E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka \"Microsoft Malware Protection Engine Denial of Service Vulnerability\", a different vulnerability than CVE-2017-8535, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542."
},
{
"lang": "es",
"value": "El Motor de Protecci\u00f3n de Malware de Microsoft ejecut\u00e1ndose en Microsoft Forefront y Microsoft Defender en Microsoft Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607 y 1703 y Windows Server 2016, Microsoft Exchange Server 2013 y 2016, no analiza apropiadamente un archivo especialmente creado que conlleva a la denegaci\u00f3n de servicio. Tambi\u00e9n se conoce como \"Microsoft Malware Protection Engine Denial of Service Vulnerability\", una vulnerabilidad diferente de los CVE-2017-8535, CVE-2017-8537, CVE-2017-8539 y CVE-2017-8542."
}
],
"id": "CVE-2017-8536",
"lastModified": "2024-11-21T03:34:12.730",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-26T20:29:00.257",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98708"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038571"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8536"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/42081/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038571"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8536"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/42081/"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-369"
},
{
"lang": "en",
"value": "CWE-476"
},
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-03-21 10:11
Modified
2024-11-21 01:36
Severity ?
Summary
The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \7fELF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://osvdb.org/80403 | ||
| cve@mitre.org | http://osvdb.org/80406 | ||
| cve@mitre.org | http://osvdb.org/80407 | ||
| cve@mitre.org | http://osvdb.org/80409 | ||
| cve@mitre.org | http://www.ieee-security.org/TC/SP2012/program.html | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/522005 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80403 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80406 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80407 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80409 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ieee-security.org/TC/SP2012/program.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/522005 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| authentium | command_antivirus | 5.2.11.5 | |
| cat | quick_heal | 11.00 | |
| eset | nod32_antivirus | 5795 | |
| f-prot | f-prot_antivirus | 4.6.2.117 | |
| fortinet | fortinet_antivirus | 4.2.254.0 | |
| k7computing | antivirus | 9.77.3565 | |
| kaspersky | kaspersky_anti-virus | 7.0.0.125 | |
| microsoft | security_essentials | 2.0 | |
| norman | norman_antivirus_\&_antispyware | 6.06.12 | |
| pandasecurity | panda_antivirus | 10.0.2.7 | |
| rising-global | rising_antivirus | 22.83.00.03 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:authentium:command_antivirus:5.2.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "192DFD98-11AA-4E7A-A1CB-53FC06FEB20F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cat:quick_heal:11.00:*:*:*:*:*:*:*",
"matchCriteriaId": "343D3F40-E028-4AEE-82A4-0A17C1D1ED13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:nod32_antivirus:5795:*:*:*:*:*:*:*",
"matchCriteriaId": "673B999A-11D2-4AFF-9930-0C06E8BBAA7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-prot:f-prot_antivirus:4.6.2.117:*:*:*:*:*:*:*",
"matchCriteriaId": "961708EB-3124-4147-A36D-BAD9241D0C88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortinet_antivirus:4.2.254.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1C36D1BA-DB17-4FE0-8D6E-BA5649AE3BF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:k7computing:antivirus:9.77.3565:*:*:*:*:*:*:*",
"matchCriteriaId": "B27BD224-CB70-43D2-8B0D-9F229A646B82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:kaspersky_anti-virus:7.0.0.125:*:*:*:*:*:*:*",
"matchCriteriaId": "FD9BCB3B-0FE8-4716-ABC2-1DB89D330F56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:security_essentials:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C382AA8-5E99-4669-9825-F5BBEEC12907",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:norman:norman_antivirus_\\\u0026_antispyware:6.06.12:*:*:*:*:*:*:*",
"matchCriteriaId": "81D01633-1000-425D-9026-59C50734956A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pandasecurity:panda_antivirus:10.0.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D95F8C32-D238-493F-A28D-8A588E8ADD13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rising-global:rising_antivirus:22.83.00.03:*:*:*:*:*:*:*",
"matchCriteriaId": "EF8ADA91-4042-4E1B-9F14-78023F24B137",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \\7fELF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations."
},
{
"lang": "es",
"value": "El analizador de archivos TAR en Quick Heal (tambi\u00e9n conocido como Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 en el Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.6.12, Panda Antivirus 10.0.2.7, y Rising Antivirus 22.83.00.03 permite a atacantes remotos evitar la detecci\u00f3n de malware a trav\u00e9s de un archivo TAR POSIX con una secuencia de caracteres inicial \\ 7fELF . NOTA: esto m\u00e1s adelante se puede dividir en varios CVEs si la informaci\u00f3n adicional que se publica muestra que el error se produjo de forma independiente en diferentes implementaciones del analizador TAR."
}
],
"id": "CVE-2012-1420",
"lastModified": "2024-11-21T01:36:56.607",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-03-21T10:11:47.130",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80403"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80406"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80407"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80409"
},
{
"source": "cve@mitre.org",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80403"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80407"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80409"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/522005"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-25 23:15
Modified
2024-11-21 05:52
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Microsoft Defender Elevation of Privilege Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_defender | - | |
| microsoft | windows_10 | - | |
| microsoft | windows_10 | 20h2 | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1803 | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_10 | 1903 | |
| microsoft | windows_10 | 1909 | |
| microsoft | windows_10 | 2004 | |
| microsoft | windows_7 | - | |
| microsoft | windows_8.1 | - | |
| microsoft | windows_rt_8.1 | - | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | windows_server_2016 | - | |
| microsoft | windows_server_2016 | 20h2 | |
| microsoft | windows_server_2016 | 1909 | |
| microsoft | windows_server_2016 | 2004 | |
| microsoft | windows_server_2019 | - | |
| microsoft | endpoint_protection | - | |
| microsoft | security_essentials | - | |
| microsoft | system_center_endpoint_protection | - | |
| microsoft | system_center_endpoint_protection | 2012 | |
| microsoft | system_center_endpoint_protection | 2012 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:windows_defender:-:*:*:*:*:*:*:*",
"matchCriteriaId": "794244D1-F317-44C8-8338-3DA74E71D4B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E2C378B-1507-4C81-82F6-9F599616845A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
"matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*",
"matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*",
"matchCriteriaId": "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*",
"matchCriteriaId": "E9273B95-20ED-4547-B0A8-95AD15B30372",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "AAE74AF3-C559-4645-A6C0-25C3D647AAC8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A190388-AA82-4504-9D5A-624F23268C9F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*",
"matchCriteriaId": "C253A63F-03AB-41CB-A03A-B2674DEA98AA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "0B60D940-80C7-49F0-8F4E-3F99AC15FA82",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:endpoint_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC297F51-9742-43A2-8783-53B7E4D5E435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:security_essentials:-:*:*:*:*:*:*:*",
"matchCriteriaId": "20FBA682-B703-4590-98E4-8897EED11DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_endpoint_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "194DE421-9536-4001-9A27-6C88805421EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_endpoint_protection:2012:-:*:*:*:*:*:*",
"matchCriteriaId": "410C8132-8953-4A2E-AF04-BBB4044BA64C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_endpoint_protection:2012:r2:*:*:*:*:*:*",
"matchCriteriaId": "D2D1AAB8-A55D-404A-A431-7F4A0201F488",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Defender Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Una Vulnerabilidad de Elevaci\u00f3n de Privilegios de Microsoft Defender"
}
],
"id": "CVE-2021-24092",
"lastModified": "2024-11-21T05:52:20.343",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2021-02-25T23:15:15.600",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24092"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24092"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-01-12 20:15
Modified
2024-11-21 05:44
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Microsoft Defender Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_defender | - | |
| microsoft | windows_10_1507 | - | |
| microsoft | windows_10_1607 | - | |
| microsoft | windows_10_1803 | - | |
| microsoft | windows_10_1809 | - | |
| microsoft | windows_10_1909 | - | |
| microsoft | windows_10_2004 | - | |
| microsoft | windows_10_20h2 | - | |
| microsoft | windows_7 | - | |
| microsoft | windows_8.1 | - | |
| microsoft | windows_rt_8.1 | - | |
| microsoft | windows_server_1909 | - | |
| microsoft | windows_server_2004 | - | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | windows_server_2016 | - | |
| microsoft | windows_server_2019 | - | |
| microsoft | windows_server_20h2 | - | |
| microsoft | security_essentials | - | |
| microsoft | system_center_endpoint_protection | - | |
| microsoft | system_center_endpoint_protection | 2012 | |
| microsoft | system_center_endpoint_protection | 2012 |
{
"cisaActionDue": "2021-11-17",
"cisaExploitAdd": "2021-11-03",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Microsoft Defender Remote Code Execution Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:windows_defender:-:*:*:*:*:*:*:*",
"matchCriteriaId": "794244D1-F317-44C8-8338-3DA74E71D4B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:*",
"matchCriteriaId": "542DAEEC-73CC-46C6-A630-BF474A3446AC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61019899-D7AF-46E4-A72C-D189180F66AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00345596-E9E0-4096-8DC6-0212F4747A13",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E332666-2E03-468E-BC30-299816D6E8ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1909:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1B570A8-ED1A-46B6-B8AB-064445F8FC4C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_2004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4DBE5B2-AE10-4251-BCDA-DC5EDEE6EE67",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_20h2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6AFD13A6-A390-4400-9029-2F4058CA17E2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_1909:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADE7E7B1-64AC-4986-A50B-0918A42C05BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62224791-644C-4D1F-AD77-56B16CF27630",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_20h2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84F9B6B1-4FEE-4D4B-B35F-B07822CCD669",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:security_essentials:-:*:*:*:*:*:*:*",
"matchCriteriaId": "20FBA682-B703-4590-98E4-8897EED11DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_endpoint_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "194DE421-9536-4001-9A27-6C88805421EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_endpoint_protection:2012:-:*:*:*:*:*:*",
"matchCriteriaId": "410C8132-8953-4A2E-AF04-BBB4044BA64C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_endpoint_protection:2012:r2:*:*:*:*:*:*",
"matchCriteriaId": "D2D1AAB8-A55D-404A-A431-7F4A0201F488",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Defender Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Una Vulnerabilidad de Ejecuci\u00f3n de C\u00f3digo Remota de Microsoft Defender"
}
],
"id": "CVE-2021-1647",
"lastModified": "2024-11-21T05:44:48.307",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2021-01-12T20:15:30.727",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1647"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1647"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-03-21 10:11
Modified
2024-11-21 01:37
Severity ?
Summary
The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html | ||
| cve@mitre.org | http://osvdb.org/80389 | ||
| cve@mitre.org | http://osvdb.org/80391 | ||
| cve@mitre.org | http://osvdb.org/80392 | ||
| cve@mitre.org | http://osvdb.org/80393 | ||
| cve@mitre.org | http://osvdb.org/80395 | ||
| cve@mitre.org | http://osvdb.org/80396 | ||
| cve@mitre.org | http://osvdb.org/80403 | ||
| cve@mitre.org | http://osvdb.org/80406 | ||
| cve@mitre.org | http://osvdb.org/80407 | ||
| cve@mitre.org | http://osvdb.org/80409 | ||
| cve@mitre.org | http://www.ieee-security.org/TC/SP2012/program.html | ||
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2012:094 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/522005 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/52610 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/74293 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80389 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80391 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80392 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80393 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80395 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80396 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80403 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80406 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80407 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80409 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ieee-security.org/TC/SP2012/program.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2012:094 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/522005 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/52610 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/74293 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| aladdin | esafe | 7.0.17.0 | |
| alwil | avast_antivirus | 4.8.1351.0 | |
| alwil | avast_antivirus | 5.0.677.0 | |
| anti-virus | vba32 | 3.12.14.2 | |
| antiy | avl_sdk | 2.0.3.7 | |
| authentium | command_antivirus | 5.2.11.5 | |
| avg | avg_anti-virus | 10.0.0.1190 | |
| avira | antivir | 7.11.1.163 | |
| bitdefender | bitdefender | 7.2 | |
| cat | quick_heal | 11.00 | |
| clamav | clamav | 0.96.4 | |
| emsisoft | anti-malware | 5.1.0.1 | |
| eset | nod32_antivirus | 5795 | |
| f-prot | f-prot_antivirus | 4.6.2.117 | |
| gdata-software | g_data_antivirus | 21 | |
| ikarus | ikarus_virus_utilities_t3_command_line_scanner | 1.1.97.0 | |
| jiangmin | jiangmin_antivirus | 13.0.900 | |
| k7computing | antivirus | 9.77.3565 | |
| kaspersky | kaspersky_anti-virus | 7.0.0.125 | |
| mcafee | gateway | 2010.1c | |
| mcafee | scan_engine | 5.400.0.1158 | |
| microsoft | security_essentials | 2.0 | |
| norman | norman_antivirus_\&_antispyware | 6.06.12 | |
| pc_tools | pc_tools_antivirus | 7.0.3.5 | |
| rising-global | rising_antivirus | 22.83.00.03 | |
| symantec | endpoint_protection | 11.0 | |
| trendmicro | housecall | 9.120.0.1004 | |
| trendmicro | trend_micro_antivirus | 9.120.0.1004 | |
| virusbuster | virusbuster | 13.6.151.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:aladdin:esafe:7.0.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C6590DF-9164-4A76-ADEE-9110C5E3588E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alwil:avast_antivirus:4.8.1351.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A3A2FBE-3113-4CCB-8FCF-54CBD78FDF52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alwil:avast_antivirus:5.0.677.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7877C5C9-C4CA-406F-A61A-EAFBA846A20D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:anti-virus:vba32:3.12.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2A0325DA-A137-41E0-BD5E-B892F2166749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:antiy:avl_sdk:2.0.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "38855431-9C17-41FE-8325-A3304DECAC92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:authentium:command_antivirus:5.2.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "192DFD98-11AA-4E7A-A1CB-53FC06FEB20F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avg:avg_anti-virus:10.0.0.1190:*:*:*:*:*:*:*",
"matchCriteriaId": "4E62090C-AF41-4032-B9F7-78FEBDB4AAE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avira:antivir:7.11.1.163:*:*:*:*:*:*:*",
"matchCriteriaId": "62B656B8-A7FB-4451-8A32-CB7AB74165F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitdefender:bitdefender:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "24D7D7FA-20E9-4560-ABC6-154CD918E307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cat:quick_heal:11.00:*:*:*:*:*:*:*",
"matchCriteriaId": "343D3F40-E028-4AEE-82A4-0A17C1D1ED13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.96.4:*:*:*:*:*:*:*",
"matchCriteriaId": "953C363B-AD5B-4C53-AAF0-AB6BA4040D74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "488ED4D6-0A32-43D5-840C-F76919C41C45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:nod32_antivirus:5795:*:*:*:*:*:*:*",
"matchCriteriaId": "673B999A-11D2-4AFF-9930-0C06E8BBAA7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-prot:f-prot_antivirus:4.6.2.117:*:*:*:*:*:*:*",
"matchCriteriaId": "961708EB-3124-4147-A36D-BAD9241D0C88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gdata-software:g_data_antivirus:21:*:*:*:*:*:*:*",
"matchCriteriaId": "DA047323-54B7-460B-9AA0-88C3C4183218",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1759C4A5-67D1-4722-954A-883694E57FAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jiangmin:jiangmin_antivirus:13.0.900:*:*:*:*:*:*:*",
"matchCriteriaId": "620DC756-B821-413C-A824-43C221E573AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:k7computing:antivirus:9.77.3565:*:*:*:*:*:*:*",
"matchCriteriaId": "B27BD224-CB70-43D2-8B0D-9F229A646B82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:kaspersky_anti-virus:7.0.0.125:*:*:*:*:*:*:*",
"matchCriteriaId": "FD9BCB3B-0FE8-4716-ABC2-1DB89D330F56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:gateway:2010.1c:*:*:*:*:*:*:*",
"matchCriteriaId": "18FC30B1-4FB3-4891-93FE-63A93E686EB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:scan_engine:5.400.0.1158:*:*:*:*:*:*:*",
"matchCriteriaId": "0BCE1228-61BE-4C10-898A-B8BDC5A71156",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:security_essentials:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C382AA8-5E99-4669-9825-F5BBEEC12907",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:norman:norman_antivirus_\\\u0026_antispyware:6.06.12:*:*:*:*:*:*:*",
"matchCriteriaId": "81D01633-1000-425D-9026-59C50734956A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pc_tools:pc_tools_antivirus:7.0.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "410EEFDA-CFE6-4DDE-B661-BB01009B0E60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rising-global:rising_antivirus:22.83.00.03:*:*:*:*:*:*:*",
"matchCriteriaId": "EF8ADA91-4042-4E1B-9F14-78023F24B137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E269D396-3A70-4C4B-9D79-CBBA75C280D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:housecall:9.120.0.1004:*:*:*:*:*:*:*",
"matchCriteriaId": "B3C3D7B7-3DD1-417E-9488-A3B0F28F75E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:trend_micro_antivirus:9.120.0.1004:*:*:*:*:*:*:*",
"matchCriteriaId": "72379F97-0BCA-425A-92AE-9F336866FD07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:virusbuster:virusbuster:13.6.151.0:*:*:*:*:*:*:*",
"matchCriteriaId": "32C656A2-AAAC-494A-A981-A83144070857",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations."
},
{
"lang": "es",
"value": "El analizador de archivos TAR en Avira AntiVir versi\u00f3n 7.11.1.163, Antiy Labs AVL SDK versi\u00f3n 2.0.3.7, avast! antivirus versiones 4.8.1351.0 y 5.0.677.0, AVG Anti-Virus versi\u00f3n 10.0.0.1190, Bitdefender versi\u00f3n 7.2, Quick Heal (tambi\u00e9n se conoce como Cat QuickHeal) versi\u00f3n 11.00, ClamAV versi\u00f3n 0.96.4, Command Antivirus versi\u00f3n 5.2.11.5, Emsisoft Anti-Malware versi\u00f3n 5.1.0.1, eSafe versi\u00f3n 7.0.17.0, F-Prot antivirus versi\u00f3n 4.6.2.117, G Data AntiVirus versi\u00f3n 21, Ikarus Virus Utilities T3 Command Line Scanner versi\u00f3n 1.1.97.0, Jiangmin Antivirus versi\u00f3n 13.0.900, K7 AntiVirus versi\u00f3n 9.77.3565, Kaspersky Anti-Virus versi\u00f3n 7.0.0.125, McAfee Anti-Virus Scanning Engine versi\u00f3n 5.400.0.1158, McAfee Gateway (anteriormente Webwasher) versi\u00f3n 2010.1C, Antimalware Engine versi\u00f3n 1.1.6402.0 en Microsoft Security Essentials versi\u00f3n 2.0, NOD32 Antivirus versi\u00f3n 5795, Norman Antivirus versi\u00f3n 6.06.12 , PC Tools AntiVirus versi\u00f3n 7.0.3.5, Rising Antivirus versi\u00f3n 22.83.00.03, AVEngine versi\u00f3n 20101.3.0.103 en Symantec Endpoint Protection versi\u00f3n 11, Trend Micro AntiVirus versi\u00f3n 9.120.0.1004, Trend Micro HouseCall versi\u00f3n 9.120.0.1004, VBA32 versi\u00f3n 3.12.14.2 y VirusBuster versi\u00f3n 13.6.151.0 , permite a los atacantes remotos omitir la detecci\u00f3n de malware por medio de una entrada de archivo TAR con un campo de longitud que supera el tama\u00f1o total del archivo TAR. NOTA: esto puede ser m\u00e1s tarde SPLIT en varios CVE si se publica informaci\u00f3n adicional que muestra que el error se produjo de manera independiente en diferentes implementaciones de analizador de TAR."
}
],
"id": "CVE-2012-1457",
"lastModified": "2024-11-21T01:37:01.753",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-03-21T10:11:49.287",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80389"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80391"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80392"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80393"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80395"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80396"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80403"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80406"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80407"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80409"
},
{
"source": "cve@mitre.org",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:094"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/52610"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74293"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80389"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80391"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80392"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80393"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80395"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80396"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80403"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80407"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80409"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:094"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/52610"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74293"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-04 17:29
Modified
2024-11-21 03:39
Severity ?
Summary
A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability." This affects Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsoft Exchange Server, Microsoft System Center, Microsoft Forefront Endpoint Protection.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/103593 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1040631 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0986 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://www.exploit-db.com/exploits/44402/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103593 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040631 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0986 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/44402/ | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | exchange_server | 2013 | |
| microsoft | exchange_server | 2016 | |
| microsoft | security_essentials | - | |
| microsoft | forefront_endpoint_protection_2010 | - | |
| microsoft | intune_endpoint_protection | - | |
| microsoft | system_center_endpoint_protection | * | |
| microsoft | system_center_endpoint_protection | 2012 | |
| microsoft | system_center_endpoint_protection | 2012 | |
| microsoft | windows_defender | - | |
| microsoft | windows_10 | - | |
| microsoft | windows_10 | 1511 | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1703 | |
| microsoft | windows_10 | 1709 | |
| microsoft | windows_7 | - | |
| microsoft | windows_8.1 | * | |
| microsoft | windows_rt_8.1 | * | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | * | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | windows_server_2016 | * | |
| microsoft | windows_server_2016 | 1709 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:-:*:*:*:*:*:*",
"matchCriteriaId": "27EF8DB7-D5A0-47A8-9F69-7D0259490D69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:-:*:*:*:*:*:*",
"matchCriteriaId": "8039FBA1-73D4-4FF2-B183-0DCC961CBFF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:security_essentials:-:*:*:*:*:*:*:*",
"matchCriteriaId": "20FBA682-B703-4590-98E4-8897EED11DE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:forefront_endpoint_protection_2010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43383FAA-0CD9-4D86-B957-814FE226D1E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:intune_endpoint_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFC8E84F-EEC0-4803-9779-8A49658F2180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4990D109-C2BF-4327-8A89-8F843FEF3DF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_endpoint_protection:2012:-:*:*:*:*:*:*",
"matchCriteriaId": "410C8132-8953-4A2E-AF04-BBB4044BA64C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_endpoint_protection:2012:r2:*:*:*:*:*:*",
"matchCriteriaId": "D2D1AAB8-A55D-404A-A431-7F4A0201F488",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:windows_defender:-:*:*:*:*:*:*:*",
"matchCriteriaId": "794244D1-F317-44C8-8338-3DA74E71D4B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
"matchCriteriaId": "232581CC-130A-4C62-A7E9-2EC9A9364D53",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
"matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
"matchCriteriaId": "AEE2E768-0F45-46E1-B6D7-087917109D98",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
"matchCriteriaId": "83B14968-3985-43C3-ACE5-8307196EFAE3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7F51B5F-AA19-4D31-89FA-6DFAC4BA8F0F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*",
"matchCriteriaId": "197E82CB-81AF-40F1-A55C-7B596891A783",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80EB5690-B20F-457A-A202-FBADAA17E05C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF6437F9-6631-49D3-A6C2-62329E278E31",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*",
"matchCriteriaId": "5B454BFE-D3AB-4CDC-B79B-F60EA3F57DBA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption, aka \"Microsoft Malware Protection Engine Remote Code Execution Vulnerability.\" This affects Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsoft Exchange Server, Microsoft System Center, Microsoft Forefront Endpoint Protection."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo cuando Microsoft Malware Protection Engine no escanea correctamente un archivo especialmente manipulado. Esto desemboca en una corrupci\u00f3n de memoria, tambi\u00e9n conocida como \"Microsoft Malware Protection Engine Remote Code Execution Vulnerability\". Esto afecta a Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsoft Exchange Server, Microsoft System Center y Microsoft Forefront Endpoint Protection."
}
],
"id": "CVE-2018-0986",
"lastModified": "2024-11-21T03:39:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-04T17:29:01.583",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103593"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040631"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0986"
},
{
"source": "secure@microsoft.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/44402/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103593"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040631"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0986"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/44402/"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-26 20:29
Modified
2024-11-21 03:34
Severity ?
Summary
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8539, and CVE-2017-8542.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/98705 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1038571 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8537 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://www.exploit-db.com/exploits/42081/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98705 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038571 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8537 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/42081/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_defender | - | |
| microsoft | windows_10 | - | |
| microsoft | windows_10 | 1511 | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1703 | |
| microsoft | windows_7 | - | |
| microsoft | windows_8.1 | - | |
| microsoft | windows_rt_8.1 | - | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2016 | - | |
| microsoft | endpoint_protection | - | |
| microsoft | exchange_server | 2013 | |
| microsoft | exchange_server | 2016 | |
| microsoft | forefront_endpoint_protection | - | |
| microsoft | forefront_endpoint_protection | 2010 | |
| microsoft | security_essentials | - | |
| microsoft | system_center_endpoint_protection | - | |
| microsoft | windows_intune_endpoint_protection | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:windows_defender:-:*:*:*:*:*:*:*",
"matchCriteriaId": "794244D1-F317-44C8-8338-3DA74E71D4B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
"matchCriteriaId": "232581CC-130A-4C62-A7E9-2EC9A9364D53",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
"matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
"matchCriteriaId": "AEE2E768-0F45-46E1-B6D7-087917109D98",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*",
"matchCriteriaId": "B320A104-9037-487E-BC9A-62B4A6B49FD0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:endpoint_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC297F51-9742-43A2-8783-53B7E4D5E435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:-:*:*:*:*:*:*",
"matchCriteriaId": "27EF8DB7-D5A0-47A8-9F69-7D0259490D69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:-:*:*:*:*:*:*",
"matchCriteriaId": "8039FBA1-73D4-4FF2-B183-0DCC961CBFF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:forefront_endpoint_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC9503E8-6282-4F3A-A6DA-0FA8A9BD941B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:forefront_endpoint_protection:2010:*:*:*:*:*:*:*",
"matchCriteriaId": "E55E0DDF-4D05-4E5F-BC54-790A722E87A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:security_essentials:-:*:*:*:*:*:*:*",
"matchCriteriaId": "20FBA682-B703-4590-98E4-8897EED11DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_endpoint_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "194DE421-9536-4001-9A27-6C88805421EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:windows_intune_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D46404B0-83D5-4E54-8944-C8734645B80E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka \"Microsoft Malware Protection Engine Denial of Service Vulnerability\", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8539, and CVE-2017-8542."
},
{
"lang": "es",
"value": "El Motor de Protecci\u00f3n de Malware de Microsoft ejecut\u00e1ndose en Microsoft Forefront y Microsoft Defender en Microsoft Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607 y 1703 y Windows Server 2016, Microsoft Exchange Server 2013 y 2016, no analiza apropiadamente un archivo especialmente creado que conlleva a la denegaci\u00f3n de servicio. Tambi\u00e9n se conoce como \"Microsoft Malware Protection Engine Denial of Service Vulnerability\", una vulnerabilidad diferente de los CVE-2017-8535, CVE-2017-8536, CVE-2017-8539 y CVE-2017-8542."
}
],
"id": "CVE-2017-8537",
"lastModified": "2024-11-21T03:34:12.873",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-26T20:29:00.287",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98705"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038571"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8537"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/42081/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038571"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8537"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/42081/"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-369"
},
{
"lang": "en",
"value": "CWE-476"
},
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-09 20:15
Modified
2024-11-21 05:09
Severity ?
Summary
An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Defender Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1170.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1163 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1163 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_defender | - | |
| microsoft | windows_10 | - | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1709 | |
| microsoft | windows_10 | 1803 | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_10 | 1903 | |
| microsoft | windows_10 | 1909 | |
| microsoft | windows_7 | - | |
| microsoft | windows_8.1 | - | |
| microsoft | windows_rt_8.1 | - | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | windows_server_2016 | - | |
| microsoft | windows_server_2016 | 1803 | |
| microsoft | windows_server_2016 | 1903 | |
| microsoft | windows_server_2016 | 1909 | |
| microsoft | windows_server_2019 | - | |
| microsoft | forefront_endpoint_protection_2010 | - | |
| microsoft | security_essentials | - | |
| microsoft | system_center_endpoint_protection | 2012 | |
| microsoft | system_center_endpoint_protection | 2012 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:windows_defender:-:*:*:*:*:*:*:*",
"matchCriteriaId": "794244D1-F317-44C8-8338-3DA74E71D4B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
"matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
"matchCriteriaId": "83B14968-3985-43C3-ACE5-8307196EFAE3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*",
"matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*",
"matchCriteriaId": "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*",
"matchCriteriaId": "E9273B95-20ED-4547-B0A8-95AD15B30372",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*",
"matchCriteriaId": "B320A104-9037-487E-BC9A-62B4A6B49FD0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*",
"matchCriteriaId": "CAACE735-003E-4ACB-A82E-C0CF97D7F013",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*",
"matchCriteriaId": "5B921FDB-8E7D-427E-82BE-4432585080CF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*",
"matchCriteriaId": "C253A63F-03AB-41CB-A03A-B2674DEA98AA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:forefront_endpoint_protection_2010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43383FAA-0CD9-4D86-B957-814FE226D1E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:security_essentials:-:*:*:*:*:*:*:*",
"matchCriteriaId": "20FBA682-B703-4590-98E4-8897EED11DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_endpoint_protection:2012:*:*:*:*:*:*:*",
"matchCriteriaId": "08C2C350-F98D-4A45-A6DE-E35267D83AC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_endpoint_protection:2012:r2:*:*:*:*:*:*",
"matchCriteriaId": "D2D1AAB8-A55D-404A-A431-7F4A0201F488",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the vulnerability, an attacker would first have to log on to the system, aka \u0027Microsoft Windows Defender Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1170."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de elevaci\u00f3n de privilegios en Windows Defender que conlleva a una eliminaci\u00f3n arbitraria de archivos en el sistema. Para explotar la vulnerabilidad, un atacante primero tendr\u00eda que iniciar sesi\u00f3n en el sistema, tambi\u00e9n se conoce como \"Microsoft Windows Defender Elevation of Privilege Vulnerability\" Este ID de CVE es diferente de CVE-2020-1170"
}
],
"id": "CVE-2020-1163",
"lastModified": "2024-11-21T05:09:53.050",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-09T20:15:12.583",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1163"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1163"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-03-21 10:11
Modified
2024-11-21 01:37
Severity ?
Summary
The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html | ||
| cve@mitre.org | http://osvdb.org/80389 | ||
| cve@mitre.org | http://osvdb.org/80390 | ||
| cve@mitre.org | http://osvdb.org/80391 | ||
| cve@mitre.org | http://osvdb.org/80392 | ||
| cve@mitre.org | http://osvdb.org/80393 | ||
| cve@mitre.org | http://osvdb.org/80395 | ||
| cve@mitre.org | http://osvdb.org/80396 | ||
| cve@mitre.org | http://osvdb.org/80403 | ||
| cve@mitre.org | http://osvdb.org/80406 | ||
| cve@mitre.org | http://osvdb.org/80407 | ||
| cve@mitre.org | http://osvdb.org/80409 | ||
| cve@mitre.org | http://www.ieee-security.org/TC/SP2012/program.html | ||
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2012:094 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/522005 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/52623 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/74302 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80389 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80390 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80391 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80392 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80393 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80395 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80396 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80403 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80406 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80407 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80409 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ieee-security.org/TC/SP2012/program.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2012:094 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/522005 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/52623 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/74302 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ahnlab | v3_internet_security | 2011.01.18.00 | |
| alwil | avast_antivirus | 4.8.1351.0 | |
| alwil | avast_antivirus | 5.0.677.0 | |
| anti-virus | vba32 | 3.12.14.2 | |
| antiy | avl_sdk | 2.0.3.7 | |
| authentium | command_antivirus | 5.2.11.5 | |
| avg | avg_anti-virus | 10.0.0.1190 | |
| avira | antivir | 7.11.1.163 | |
| bitdefender | bitdefender | 7.2 | |
| cat | quick_heal | 11.00 | |
| clamav | clamav | 0.96.4 | |
| comodo | comodo_antivirus | 7424 | |
| emsisoft | anti-malware | 5.1.0.1 | |
| eset | nod32_antivirus | 5795 | |
| f-prot | f-prot_antivirus | 4.6.2.117 | |
| f-secure | f-secure_anti-virus | 9.0.16160.0 | |
| fortinet | fortinet_antivirus | 4.2.254.0 | |
| gdata-software | g_data_antivirus | 21 | |
| ikarus | ikarus_virus_utilities_t3_command_line_scanner | 1.1.97.0 | |
| jiangmin | jiangmin_antivirus | 13.0.900 | |
| k7computing | antivirus | 9.77.3565 | |
| kaspersky | kaspersky_anti-virus | 7.0.0.125 | |
| mcafee | gateway | 2010.1c | |
| mcafee | scan_engine | 5.400.0.1158 | |
| microsoft | security_essentials | 2.0 | |
| norman | norman_antivirus_\&_antispyware | 6.06.12 | |
| nprotect | nprotect_antivirus | 2011-01-17.01 | |
| pandasecurity | panda_antivirus | 10.0.2.7 | |
| pc_tools | pc_tools_antivirus | 7.0.3.5 | |
| rising-global | rising_antivirus | 22.83.00.03 | |
| sophos | sophos_anti-virus | 4.61.0 | |
| symantec | endpoint_protection | 11.0 | |
| trendmicro | housecall | 9.120.0.1004 | |
| trendmicro | trend_micro_antivirus | 9.120.0.1004 | |
| virusbuster | virusbuster | 13.6.151.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ahnlab:v3_internet_security:2011.01.18.00:*:*:*:*:*:*:*",
"matchCriteriaId": "0B91745E-EA83-4C70-BF2D-45A3678FA157",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alwil:avast_antivirus:4.8.1351.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A3A2FBE-3113-4CCB-8FCF-54CBD78FDF52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alwil:avast_antivirus:5.0.677.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7877C5C9-C4CA-406F-A61A-EAFBA846A20D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:anti-virus:vba32:3.12.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2A0325DA-A137-41E0-BD5E-B892F2166749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:antiy:avl_sdk:2.0.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "38855431-9C17-41FE-8325-A3304DECAC92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:authentium:command_antivirus:5.2.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "192DFD98-11AA-4E7A-A1CB-53FC06FEB20F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avg:avg_anti-virus:10.0.0.1190:*:*:*:*:*:*:*",
"matchCriteriaId": "4E62090C-AF41-4032-B9F7-78FEBDB4AAE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avira:antivir:7.11.1.163:*:*:*:*:*:*:*",
"matchCriteriaId": "62B656B8-A7FB-4451-8A32-CB7AB74165F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitdefender:bitdefender:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "24D7D7FA-20E9-4560-ABC6-154CD918E307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cat:quick_heal:11.00:*:*:*:*:*:*:*",
"matchCriteriaId": "343D3F40-E028-4AEE-82A4-0A17C1D1ED13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.96.4:*:*:*:*:*:*:*",
"matchCriteriaId": "953C363B-AD5B-4C53-AAF0-AB6BA4040D74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:comodo:comodo_antivirus:7424:*:*:*:*:*:*:*",
"matchCriteriaId": "803A9A92-A984-43A8-8D27-C9A6FDB19A9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "488ED4D6-0A32-43D5-840C-F76919C41C45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:nod32_antivirus:5795:*:*:*:*:*:*:*",
"matchCriteriaId": "673B999A-11D2-4AFF-9930-0C06E8BBAA7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-prot:f-prot_antivirus:4.6.2.117:*:*:*:*:*:*:*",
"matchCriteriaId": "961708EB-3124-4147-A36D-BAD9241D0C88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:9.0.16160.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB884937-53F0-4BB5-AA8F-1CCDCD1221D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortinet_antivirus:4.2.254.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1C36D1BA-DB17-4FE0-8D6E-BA5649AE3BF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gdata-software:g_data_antivirus:21:*:*:*:*:*:*:*",
"matchCriteriaId": "DA047323-54B7-460B-9AA0-88C3C4183218",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1759C4A5-67D1-4722-954A-883694E57FAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jiangmin:jiangmin_antivirus:13.0.900:*:*:*:*:*:*:*",
"matchCriteriaId": "620DC756-B821-413C-A824-43C221E573AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:k7computing:antivirus:9.77.3565:*:*:*:*:*:*:*",
"matchCriteriaId": "B27BD224-CB70-43D2-8B0D-9F229A646B82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:kaspersky_anti-virus:7.0.0.125:*:*:*:*:*:*:*",
"matchCriteriaId": "FD9BCB3B-0FE8-4716-ABC2-1DB89D330F56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:gateway:2010.1c:*:*:*:*:*:*:*",
"matchCriteriaId": "18FC30B1-4FB3-4891-93FE-63A93E686EB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:scan_engine:5.400.0.1158:*:*:*:*:*:*:*",
"matchCriteriaId": "0BCE1228-61BE-4C10-898A-B8BDC5A71156",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:security_essentials:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C382AA8-5E99-4669-9825-F5BBEEC12907",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:norman:norman_antivirus_\\\u0026_antispyware:6.06.12:*:*:*:*:*:*:*",
"matchCriteriaId": "81D01633-1000-425D-9026-59C50734956A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nprotect:nprotect_antivirus:2011-01-17.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D386C31F-6114-4A15-B0D5-15686D7EF8B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pandasecurity:panda_antivirus:10.0.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D95F8C32-D238-493F-A28D-8A588E8ADD13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pc_tools:pc_tools_antivirus:7.0.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "410EEFDA-CFE6-4DDE-B661-BB01009B0E60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rising-global:rising_antivirus:22.83.00.03:*:*:*:*:*:*:*",
"matchCriteriaId": "EF8ADA91-4042-4E1B-9F14-78023F24B137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sophos:sophos_anti-virus:4.61.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0912E21E-1EEB-4ADD-958F-F8AEBBF7C5E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E269D396-3A70-4C4B-9D79-CBBA75C280D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:housecall:9.120.0.1004:*:*:*:*:*:*:*",
"matchCriteriaId": "B3C3D7B7-3DD1-417E-9488-A3B0F28F75E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:trend_micro_antivirus:9.120.0.1004:*:*:*:*:*:*:*",
"matchCriteriaId": "72379F97-0BCA-425A-92AE-9F336866FD07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:virusbuster:virusbuster:13.6.151.0:*:*:*:*:*:*:*",
"matchCriteriaId": "32C656A2-AAAC-494A-A981-A83144070857",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations."
},
{
"lang": "es",
"value": "El analizador de archivos TAR en AhnLab V3 Internet Security versi\u00f3n 2011.01.18.00, Avira AntiVir versi\u00f3n 7.11.1.163, Antiy Labs AVL SDK versi\u00f3n 2.0.3.7, avast! antivirus versiones 4.8.1351.0 y 5.0.677.0, AVG Anti-Virus versi\u00f3n 10.0.0.1190, Bitdefender versi\u00f3n 7.2, Quick Heal (tambi\u00e9n se conoce como Cat QuickHeal) versi\u00f3n 11.00, ClamAV versi\u00f3n 0.96.4, Command Antivirus versi\u00f3n 5.2.11.5, Comodo Antivirus versi\u00f3n 7424, Emsisoft Anti-Malware versi\u00f3n 5.1.0.1, F-Prot Antivirus versi\u00f3n 4.6.2.117, F-Secure Anti-Virus versi\u00f3n 9.0.16160.0, Fortinet Antivirus versi\u00f3n 4.2.254.0, G Data AntiVirus versi\u00f3n 21, Ikarus Virus Utilities T3 Command Line Scanner versi\u00f3n 1.1.97.0, Jiangmin Antivirus versi\u00f3n 13.0.900, K7 AntiVirus versi\u00f3n 9.77.3565, Kaspersky Anti-Virus versi\u00f3n 7.0.0.125, McAfee Anti-Virus Scanning Engine versi\u00f3n 5.400.0.1158, McAfee Gateway (anteriormente Webwasher) versi\u00f3n 2010.1C, Antimalware Engine versi\u00f3n 1.1.6402.0 en Microsoft Security Essentials versi\u00f3n 2.0, NOD32 Antivirus versi\u00f3n 5795, Norman Antivirus versi\u00f3n 6.06.12, nProtect antivirus versi\u00f3n 2011-01-17.01, Panda Antivirus versi\u00f3n 10.0.2.7, PC Tools AntiVirus versi\u00f3n 7.0.3.5, Rising Antivirus versi\u00f3n 22.83.00.03, Sophos Anti-Virus versi\u00f3n 4.61.0, AVEngine versi\u00f3n 20101.3.0.103 en Symantec Endpoint Protection versi\u00f3n 11, Trend Micro AntiVirus versi\u00f3n 9.120.0.1004, Trend Micro HouseCall versi\u00f3n 9.120.0.1004, VBA32 versi\u00f3n 3.12.14.2 y VirusBuster versi\u00f3n 13.6.151.0, permite a los atacantes remotos omitir la detecci\u00f3n de malware por medio de una entrada de archivo TAR con un campo de longitud correspondiente a toda la entrada, adem\u00e1s de parte del encabezado de la siguiente entrada. NOTA: esto puede ser m\u00e1s tarde SPLIT en varios CVE si se publica informaci\u00f3n adicional que muestra que el error se produjo de manera independiente en diferentes implementaciones de analizador de TAR."
}
],
"id": "CVE-2012-1459",
"lastModified": "2024-11-21T01:37:02.073",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-03-21T10:11:49.597",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80389"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80390"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80391"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80392"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80393"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80395"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80396"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80403"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80406"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80407"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80409"
},
{
"source": "cve@mitre.org",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:094"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/52623"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74302"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80389"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80390"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80391"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80392"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80393"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80395"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80396"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80403"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80407"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80409"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:094"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/52623"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74302"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-29 13:29
Modified
2024-11-21 03:34
Severity ?
Summary
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on 32-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703 does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability".
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/99262 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1038783 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1038784 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8558 | Vendor Advisory | |
| secure@microsoft.com | https://www.exploit-db.com/exploits/42264/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99262 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038783 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038784 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8558 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/42264/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_defender | - | |
| microsoft | windows_10 | - | |
| microsoft | windows_10 | 1511 | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1703 | |
| microsoft | windows_7 | - | |
| microsoft | windows_8.1 | - | |
| microsoft | windows_server_2008 | - | |
| microsoft | endpoint_protection | - | |
| microsoft | forefront_endpoint_protection | - | |
| microsoft | forefront_endpoint_protection | 2010 | |
| microsoft | security_essentials | - | |
| microsoft | windows_intune_endpoint_protection | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:windows_defender:-:*:*:*:*:*:*:*",
"matchCriteriaId": "794244D1-F317-44C8-8338-3DA74E71D4B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*",
"matchCriteriaId": "BA592626-F17C-4F46-823B-0947D102BBD2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:x86:*",
"matchCriteriaId": "B3B00136-0621-447F-A1AA-1CFCDDA9768B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*",
"matchCriteriaId": "507EB48C-F479-424C-8ABA-C279AB4FE3F4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:x86:*",
"matchCriteriaId": "81AC5268-1562-4714-ADBA-8F955DE98E9F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*",
"matchCriteriaId": "06BBFA69-94E2-4BAB-AFD3-BC434B11D106",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*",
"matchCriteriaId": "DF8ABB14-84CF-4BBC-99C9-DA6C0F7A0619",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:endpoint_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC297F51-9742-43A2-8783-53B7E4D5E435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:forefront_endpoint_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC9503E8-6282-4F3A-A6DA-0FA8A9BD941B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:forefront_endpoint_protection:2010:*:*:*:*:*:*:*",
"matchCriteriaId": "E55E0DDF-4D05-4E5F-BC54-790A722E87A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:security_essentials:-:*:*:*:*:*:*:*",
"matchCriteriaId": "20FBA682-B703-4590-98E4-8897EED11DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:windows_intune_endpoint_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09194815-BBC8-42F7-ABFF-C0AB2CEF99BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on 32-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703 does not properly scan a specially crafted file leading to memory corruption. aka \"Microsoft Malware Protection Engine Remote Code Execution Vulnerability\"."
},
{
"lang": "es",
"value": "El Motor de Protecci\u00f3n de Malware de Microsoft corriendo en Microsoft Forefront y Microsoft Defender en versiones de 32 bits de Microsoft Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows versi\u00f3n 8.1, Windows Server 2012 Gold y R2, Windows RT versi\u00f3n 8.1, Windows 10 Gold, 1511 , 1607 y 1703, no analiza correctamente un archivo especialmente creado que provoca da\u00f1os en la memoria. Tambi\u00e9n se conoce como \"Microsoft Malware Protection Engine Remote Code Execution Vulnerability\"."
}
],
"id": "CVE-2017-8558",
"lastModified": "2024-11-21T03:34:15.363",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-29T13:29:00.283",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99262"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038783"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038784"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8558"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/42264/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99262"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038784"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8558"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/42264/"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-15 15:15
Modified
2024-11-21 05:09
Severity ?
Summary
An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1002 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1002 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_defender | - | |
| microsoft | windows_10 | - | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1709 | |
| microsoft | windows_10 | 1803 | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_10 | 1903 | |
| microsoft | windows_10 | 1909 | |
| microsoft | windows_7 | - | |
| microsoft | windows_8.1 | - | |
| microsoft | windows_rt_8.1 | - | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | windows_server_2016 | - | |
| microsoft | windows_server_2016 | 1803 | |
| microsoft | windows_server_2016 | 1903 | |
| microsoft | windows_server_2016 | 1909 | |
| microsoft | windows_server_2019 | - | |
| microsoft | forefront_endpoint_protection_2010 | - | |
| microsoft | security_essentials | - | |
| microsoft | system_center_endpoint_protection | * | |
| microsoft | system_center_endpoint_protection | 2012 | |
| microsoft | system_center_endpoint_protection | 2012 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:windows_defender:-:*:*:*:*:*:*:*",
"matchCriteriaId": "794244D1-F317-44C8-8338-3DA74E71D4B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
"matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
"matchCriteriaId": "83B14968-3985-43C3-ACE5-8307196EFAE3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*",
"matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*",
"matchCriteriaId": "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*",
"matchCriteriaId": "E9273B95-20ED-4547-B0A8-95AD15B30372",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*",
"matchCriteriaId": "B320A104-9037-487E-BC9A-62B4A6B49FD0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*",
"matchCriteriaId": "CAACE735-003E-4ACB-A82E-C0CF97D7F013",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*",
"matchCriteriaId": "5B921FDB-8E7D-427E-82BE-4432585080CF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*",
"matchCriteriaId": "C253A63F-03AB-41CB-A03A-B2674DEA98AA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:forefront_endpoint_protection_2010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43383FAA-0CD9-4D86-B957-814FE226D1E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:security_essentials:-:*:*:*:*:*:*:*",
"matchCriteriaId": "20FBA682-B703-4590-98E4-8897EED11DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4990D109-C2BF-4327-8A89-8F843FEF3DF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_endpoint_protection:2012:-:*:*:*:*:*:*",
"matchCriteriaId": "410C8132-8953-4A2E-AF04-BBB4044BA64C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_endpoint_protection:2012:r2:*:*:*:*:*:*",
"matchCriteriaId": "D2D1AAB8-A55D-404A-A431-7F4A0201F488",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka \u0027Microsoft Defender Elevation of Privilege Vulnerability\u0027."
},
{
"lang": "es",
"value": "Hay una vulnerabilidad de elevaci\u00f3n de privilegios cuando el archivo MpSigStub.exe para Defender permite la eliminaci\u00f3n de archivos en ubicaciones arbitrarias. Para explotar la vulnerabilidad, un atacante tendr\u00eda primero que registrarse en el sistema, tambi\u00e9n se conoce como \"Microsoft Defender Elevation of Privilege Vulnerability\"."
}
],
"id": "CVE-2020-1002",
"lastModified": "2024-11-21T05:09:31.977",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.6,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 9.2,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-15T15:15:20.027",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1002"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-14 23:15
Modified
2024-11-21 05:10
Severity ?
Summary
An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1461 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1461 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_defender | - | |
| microsoft | windows_10 | - | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1709 | |
| microsoft | windows_10 | 1803 | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_10 | 1903 | |
| microsoft | windows_10 | 1909 | |
| microsoft | windows_7 | - | |
| microsoft | windows_8.1 | - | |
| microsoft | windows_rt_8.1 | - | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | windows_server_2016 | - | |
| microsoft | windows_server_2016 | 1903 | |
| microsoft | windows_server_2019 | - | |
| microsoft | forefront_endpoint_protection_2010 | - | |
| microsoft | security_essentials | - | |
| microsoft | system_center_endpoint_protection | - | |
| microsoft | system_center_endpoint_protection | 2012 | |
| microsoft | system_center_endpoint_protection | 2012 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:windows_defender:-:*:*:*:*:*:*:*",
"matchCriteriaId": "794244D1-F317-44C8-8338-3DA74E71D4B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
"matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
"matchCriteriaId": "83B14968-3985-43C3-ACE5-8307196EFAE3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*",
"matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*",
"matchCriteriaId": "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*",
"matchCriteriaId": "E9273B95-20ED-4547-B0A8-95AD15B30372",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:itanium:*",
"matchCriteriaId": "FFFD8C6B-7A46-484C-8701-81D58AB1C2CF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*",
"matchCriteriaId": "B320A104-9037-487E-BC9A-62B4A6B49FD0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*",
"matchCriteriaId": "5B921FDB-8E7D-427E-82BE-4432585080CF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:forefront_endpoint_protection_2010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43383FAA-0CD9-4D86-B957-814FE226D1E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:security_essentials:-:*:*:*:*:*:*:*",
"matchCriteriaId": "20FBA682-B703-4590-98E4-8897EED11DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_endpoint_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "194DE421-9536-4001-9A27-6C88805421EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_endpoint_protection:2012:-:*:*:*:*:*:*",
"matchCriteriaId": "410C8132-8953-4A2E-AF04-BBB4044BA64C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_endpoint_protection:2012:r2:*:*:*:*:*:*",
"matchCriteriaId": "D2D1AAB8-A55D-404A-A431-7F4A0201F488",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka \u0027Microsoft Defender Elevation of Privilege Vulnerability\u0027."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de elevaci\u00f3n de privilegios cuando el archivo MpSigStub.exe para Defender permite una eliminaci\u00f3n de archivos en ubicaciones arbitrarias. Para explotar la vulnerabilidad, un atacante primero debe iniciar sesi\u00f3n en el sistema, tambi\u00e9n se conoce como \"Microsoft Defender Elevation of Privilege Vulnerability\""
}
],
"id": "CVE-2020-1461",
"lastModified": "2024-11-21T05:10:35.990",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-14T23:15:20.543",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1461"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1461"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-02-25 18:00
Modified
2024-11-21 01:23
Severity ?
Summary
Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://secunia.com/advisories/43468 | Vendor Advisory | |
| secure@microsoft.com | http://securitytracker.com/id?1025117 | ||
| secure@microsoft.com | http://www.microsoft.com/technet/security/advisory/2491888.mspx | Vendor Advisory | |
| secure@microsoft.com | http://www.securityfocus.com/bid/46540 | ||
| secure@microsoft.com | http://www.vupen.com/english/advisories/2011/0486 | Vendor Advisory | |
| secure@microsoft.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/65626 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43468 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1025117 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.microsoft.com/technet/security/advisory/2491888.mspx | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/46540 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0486 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/65626 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | forefront_client_security | * | |
| microsoft | forefront_endpoint_protection_2010 | - | |
| microsoft | malicious_software_removal_tool | * | |
| microsoft | malware_protection_engine | * | |
| microsoft | malware_protection_engine | 0.1.13.192 | |
| microsoft | malware_protection_engine | 1.1.3520.0 | |
| microsoft | security_essentials | * | |
| microsoft | windows_defender | * | |
| microsoft | windows_live_onecare | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:forefront_client_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "769D4056-0E25-4A0A-B0E7-265AC188053A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:forefront_endpoint_protection_2010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43383FAA-0CD9-4D86-B957-814FE226D1E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:malicious_software_removal_tool:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEAB4CCB-8116-45EC-A261-D16A168C7198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:malware_protection_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F718BB5E-D0EA-497D-9085-C4462C029E37",
"versionEndIncluding": "1.1.6502.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:malware_protection_engine:0.1.13.192:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEA6F8E-1A38-47FC-891C-326EAA8A9F6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:malware_protection_engine:1.1.3520.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A6EFC0F5-EB5E-4D34-9B8B-5C60CCC32D70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:security_essentials:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3151D41-960B-4A4B-8585-07B1DCFEA454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:windows_defender:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A458632B-D1AE-4643-A8F0-4295B506E341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:windows_live_onecare:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4109D8E8-A385-4098-A983-FCF5F69CCD1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key."
},
{
"lang": "es",
"value": "Microsoft Malware Protection Engine anterior a v1.1.6603.0, tal como se utiliz\u00f3 en Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, y Windows Live OneCare, permite a usuarios locales conseguir privilegios a trav\u00e9s de un valor manipulado de una clave de registro de usuario sin especificar"
}
],
"id": "CVE-2011-0037",
"lastModified": "2024-11-21T01:23:10.450",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-02-25T18:00:01.213",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43468"
},
{
"source": "secure@microsoft.com",
"url": "http://securitytracker.com/id?1025117"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.microsoft.com/technet/security/advisory/2491888.mspx"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/46540"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0486"
},
{
"source": "secure@microsoft.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65626"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43468"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1025117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.microsoft.com/technet/security/advisory/2491888.mspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/46540"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0486"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65626"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-03-21 10:11
Modified
2024-11-21 01:36
Severity ?
Summary
The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://osvdb.org/80454 | ||
| cve@mitre.org | http://osvdb.org/80455 | ||
| cve@mitre.org | http://osvdb.org/80456 | ||
| cve@mitre.org | http://osvdb.org/80457 | ||
| cve@mitre.org | http://osvdb.org/80458 | ||
| cve@mitre.org | http://osvdb.org/80459 | ||
| cve@mitre.org | http://osvdb.org/80460 | ||
| cve@mitre.org | http://osvdb.org/80461 | ||
| cve@mitre.org | http://osvdb.org/80467 | ||
| cve@mitre.org | http://osvdb.org/80468 | ||
| cve@mitre.org | http://osvdb.org/80469 | ||
| cve@mitre.org | http://osvdb.org/80470 | ||
| cve@mitre.org | http://osvdb.org/80471 | ||
| cve@mitre.org | http://osvdb.org/80472 | ||
| cve@mitre.org | http://www.ieee-security.org/TC/SP2012/program.html | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/522005 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/52612 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80454 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80455 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80456 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80457 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80458 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80459 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80460 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80461 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80467 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80468 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80469 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80470 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80471 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80472 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ieee-security.org/TC/SP2012/program.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/522005 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/52612 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ahnlab | v3_internet_security | 2011.01.18.00 | |
| aladdin | esafe | 7.0.17.0 | |
| alwil | avast_antivirus | 4.8.1351.0 | |
| alwil | avast_antivirus | 5.0.677.0 | |
| anti-virus | vba32 | 3.12.14.2 | |
| antiy | avl_sdk | 2.0.3.7 | |
| authentium | command_antivirus | 5.2.11.5 | |
| avg | avg_anti-virus | 10.0.0.1190 | |
| avira | antivir | 7.11.1.163 | |
| bitdefender | bitdefender | 7.2 | |
| cat | quick_heal | 11.00 | |
| clamav | clamav | 0.96.4 | |
| comodo | comodo_antivirus | 7424 | |
| emsisoft | anti-malware | 5.1.0.1 | |
| eset | nod32_antivirus | 5795 | |
| f-prot | f-prot_antivirus | 4.6.2.117 | |
| f-secure | f-secure_anti-virus | 9.0.16160.0 | |
| fortinet | fortinet_antivirus | 4.2.254.0 | |
| gdata-software | g_data_antivirus | 21 | |
| ikarus | ikarus_virus_utilities_t3_command_line_scanner | 1.1.97.0 | |
| jiangmin | jiangmin_antivirus | 13.0.900 | |
| k7computing | antivirus | 9.77.3565 | |
| kaspersky | kaspersky_anti-virus | 7.0.0.125 | |
| mcafee | gateway | 2010.1c | |
| mcafee | scan_engine | 5.400.0.1158 | |
| microsoft | security_essentials | 2.0 | |
| norman | norman_antivirus_\&_antispyware | 6.06.12 | |
| nprotect | nprotect_antivirus | 2011-01-17.01 | |
| pandasecurity | panda_antivirus | 10.0.2.7 | |
| pc_tools | pc_tools_antivirus | 7.0.3.5 | |
| rising-global | rising_antivirus | 22.83.00.03 | |
| sophos | sophos_anti-virus | 4.61.0 | |
| symantec | endpoint_protection | 11.0 | |
| trendmicro | housecall | 9.120.0.1004 | |
| trendmicro | trend_micro_antivirus | 9.120.0.1004 | |
| virusbuster | virusbuster | 13.6.151.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ahnlab:v3_internet_security:2011.01.18.00:*:*:*:*:*:*:*",
"matchCriteriaId": "0B91745E-EA83-4C70-BF2D-45A3678FA157",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aladdin:esafe:7.0.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C6590DF-9164-4A76-ADEE-9110C5E3588E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alwil:avast_antivirus:4.8.1351.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A3A2FBE-3113-4CCB-8FCF-54CBD78FDF52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alwil:avast_antivirus:5.0.677.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7877C5C9-C4CA-406F-A61A-EAFBA846A20D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:anti-virus:vba32:3.12.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2A0325DA-A137-41E0-BD5E-B892F2166749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:antiy:avl_sdk:2.0.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "38855431-9C17-41FE-8325-A3304DECAC92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:authentium:command_antivirus:5.2.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "192DFD98-11AA-4E7A-A1CB-53FC06FEB20F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avg:avg_anti-virus:10.0.0.1190:*:*:*:*:*:*:*",
"matchCriteriaId": "4E62090C-AF41-4032-B9F7-78FEBDB4AAE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avira:antivir:7.11.1.163:*:*:*:*:*:*:*",
"matchCriteriaId": "62B656B8-A7FB-4451-8A32-CB7AB74165F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitdefender:bitdefender:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "24D7D7FA-20E9-4560-ABC6-154CD918E307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cat:quick_heal:11.00:*:*:*:*:*:*:*",
"matchCriteriaId": "343D3F40-E028-4AEE-82A4-0A17C1D1ED13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.96.4:*:*:*:*:*:*:*",
"matchCriteriaId": "953C363B-AD5B-4C53-AAF0-AB6BA4040D74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:comodo:comodo_antivirus:7424:*:*:*:*:*:*:*",
"matchCriteriaId": "803A9A92-A984-43A8-8D27-C9A6FDB19A9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "488ED4D6-0A32-43D5-840C-F76919C41C45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:nod32_antivirus:5795:*:*:*:*:*:*:*",
"matchCriteriaId": "673B999A-11D2-4AFF-9930-0C06E8BBAA7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-prot:f-prot_antivirus:4.6.2.117:*:*:*:*:*:*:*",
"matchCriteriaId": "961708EB-3124-4147-A36D-BAD9241D0C88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:9.0.16160.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB884937-53F0-4BB5-AA8F-1CCDCD1221D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortinet_antivirus:4.2.254.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1C36D1BA-DB17-4FE0-8D6E-BA5649AE3BF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gdata-software:g_data_antivirus:21:*:*:*:*:*:*:*",
"matchCriteriaId": "DA047323-54B7-460B-9AA0-88C3C4183218",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1759C4A5-67D1-4722-954A-883694E57FAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jiangmin:jiangmin_antivirus:13.0.900:*:*:*:*:*:*:*",
"matchCriteriaId": "620DC756-B821-413C-A824-43C221E573AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:k7computing:antivirus:9.77.3565:*:*:*:*:*:*:*",
"matchCriteriaId": "B27BD224-CB70-43D2-8B0D-9F229A646B82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:kaspersky_anti-virus:7.0.0.125:*:*:*:*:*:*:*",
"matchCriteriaId": "FD9BCB3B-0FE8-4716-ABC2-1DB89D330F56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:gateway:2010.1c:*:*:*:*:*:*:*",
"matchCriteriaId": "18FC30B1-4FB3-4891-93FE-63A93E686EB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:scan_engine:5.400.0.1158:*:*:*:*:*:*:*",
"matchCriteriaId": "0BCE1228-61BE-4C10-898A-B8BDC5A71156",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:security_essentials:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C382AA8-5E99-4669-9825-F5BBEEC12907",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:norman:norman_antivirus_\\\u0026_antispyware:6.06.12:*:*:*:*:*:*:*",
"matchCriteriaId": "81D01633-1000-425D-9026-59C50734956A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nprotect:nprotect_antivirus:2011-01-17.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D386C31F-6114-4A15-B0D5-15686D7EF8B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pandasecurity:panda_antivirus:10.0.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D95F8C32-D238-493F-A28D-8A588E8ADD13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pc_tools:pc_tools_antivirus:7.0.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "410EEFDA-CFE6-4DDE-B661-BB01009B0E60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rising-global:rising_antivirus:22.83.00.03:*:*:*:*:*:*:*",
"matchCriteriaId": "EF8ADA91-4042-4E1B-9F14-78023F24B137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sophos:sophos_anti-virus:4.61.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0912E21E-1EEB-4ADD-958F-F8AEBBF7C5E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E269D396-3A70-4C4B-9D79-CBBA75C280D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:housecall:9.120.0.1004:*:*:*:*:*:*:*",
"matchCriteriaId": "B3C3D7B7-3DD1-417E-9488-A3B0F28F75E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:trend_micro_antivirus:9.120.0.1004:*:*:*:*:*:*:*",
"matchCriteriaId": "72379F97-0BCA-425A-92AE-9F336866FD07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:virusbuster:virusbuster:13.6.151.0:*:*:*:*:*:*:*",
"matchCriteriaId": "32C656A2-AAAC-494A-A981-A83144070857",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations."
},
{
"lang": "es",
"value": "El analizador de archivos RAR en ClamAV versi\u00f3n 0.96.4, Rising Antivirus versi\u00f3n 22.83.00.03, Quick Heal (tambi\u00e9n se conoce como Cat QuickHeal) versi\u00f3n 11.00, G Data AntiVirus versi\u00f3n 21, AVEngine versi\u00f3n 20101.3.0.103 en Symantec Endpoint Protection versi\u00f3n 11, Command Antivirus versi\u00f3n 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner versi\u00f3n 1.1.97.0, Emsisoft Anti-Malware versi\u00f3n 5.1.0.1, PC Tools AntiVirus versi\u00f3n 7.0.3.5, F-Prot Antivirus versi\u00f3n 4.6.2.117, VirusBuster versi\u00f3n 13.6.151.0, Fortinet antivirus versi\u00f3n 4.2.254.0, Antiy Labs AVL SDK versi\u00f3n 2.0.3.7, K7 AntiVirus versi\u00f3n 9.77.3565, Trend Micro HouseCall versi\u00f3n 9.120.0.1004, Kaspersky Antivirus versi\u00f3n 7.0.0.125, Jiangmin Antivirus versi\u00f3n 13.0.900, Antimalware Engine versi\u00f3n 1.1.6402.0 en Microsoft Security Essentials versi\u00f3n 2.0, Sophos Anti-Virus versi\u00f3n 4.61.0, NOD32 Antivirus versi\u00f3n 5795, Avira AntiVir versi\u00f3n 7.11.1.163, Norman Antivirus versi\u00f3n 6.06.12, McAfee Anti-Virus Scanning Engine versi\u00f3n 5.400.0.1158, Panda Antivirus versi\u00f3n 10.0.2.7, McAfee Gateway (anteriormente Webwasher) versi\u00f3n 2010.1C, Trend Micro AntiVirus versi\u00f3n 9.120.0.1004, Comodo Antivirus versi\u00f3n 7424, Bitdefender versi\u00f3n 7.2, eSafe versi\u00f3n 7.0.17.0, F-Secure Anti-Virus versi\u00f3n 9.0.16160.0, nProtect Versi\u00f3n antivirus 2011-01-17.01, AhnLab V3 Internet Security versi\u00f3n 2011.01.18.00, AVG Anti-Virus versi\u00f3n 10.0.0.1190, avast! antivirus versiones 4.8.1351.0 y 5.0.677.0, y VBA32 versi\u00f3n 3.12.14.2, permite a los atacantes remotos asistidos por el usuario omitir la detecci\u00f3n de malware por medio de un archivo RAR con una inicial Secuencia de caracteres MZ. NOTA: esto puede ser m\u00e1s tarde SPLIT en varios CVE si se publica informaci\u00f3n adicional que muestra que el error se produjo de manera independiente en diferentes implementaciones de analizador RAR."
}
],
"id": "CVE-2012-1443",
"lastModified": "2024-11-21T01:36:59.753",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-03-21T10:11:48.083",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80454"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80455"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80456"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80457"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80458"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80459"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80460"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80461"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80467"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80468"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80469"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80470"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80471"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80472"
},
{
"source": "cve@mitre.org",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/52612"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80454"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80455"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80458"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80459"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80461"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80467"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80468"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80469"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80470"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80472"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/52612"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-09 20:15
Modified
2024-11-21 05:09
Severity ?
Summary
An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Defender Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1163.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://packetstormsecurity.com/files/160919/Cloud-Filter-Arbitrary-File-Creation-Privilege-Escalation.html | Exploit, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1170 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/160919/Cloud-Filter-Arbitrary-File-Creation-Privilege-Escalation.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1170 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_defender | - | |
| microsoft | windows_10 | - | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1709 | |
| microsoft | windows_10 | 1803 | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_10 | 1903 | |
| microsoft | windows_10 | 1909 | |
| microsoft | windows_7 | - | |
| microsoft | windows_8.1 | - | |
| microsoft | windows_rt_8.1 | - | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | windows_server_2016 | - | |
| microsoft | windows_server_2016 | 1803 | |
| microsoft | windows_server_2016 | 1903 | |
| microsoft | windows_server_2016 | 1909 | |
| microsoft | windows_server_2019 | - | |
| microsoft | forefront_endpoint_protection_2010 | - | |
| microsoft | security_essentials | - | |
| microsoft | system_center_endpoint_protection | 2012 | |
| microsoft | system_center_endpoint_protection | 2012 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:windows_defender:-:*:*:*:*:*:*:*",
"matchCriteriaId": "794244D1-F317-44C8-8338-3DA74E71D4B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
"matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
"matchCriteriaId": "83B14968-3985-43C3-ACE5-8307196EFAE3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*",
"matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*",
"matchCriteriaId": "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*",
"matchCriteriaId": "E9273B95-20ED-4547-B0A8-95AD15B30372",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*",
"matchCriteriaId": "B320A104-9037-487E-BC9A-62B4A6B49FD0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*",
"matchCriteriaId": "CAACE735-003E-4ACB-A82E-C0CF97D7F013",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*",
"matchCriteriaId": "5B921FDB-8E7D-427E-82BE-4432585080CF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*",
"matchCriteriaId": "C253A63F-03AB-41CB-A03A-B2674DEA98AA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:forefront_endpoint_protection_2010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43383FAA-0CD9-4D86-B957-814FE226D1E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:security_essentials:-:*:*:*:*:*:*:*",
"matchCriteriaId": "20FBA682-B703-4590-98E4-8897EED11DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_endpoint_protection:2012:*:*:*:*:*:*:*",
"matchCriteriaId": "08C2C350-F98D-4A45-A6DE-E35267D83AC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_endpoint_protection:2012:r2:*:*:*:*:*:*",
"matchCriteriaId": "D2D1AAB8-A55D-404A-A431-7F4A0201F488",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the vulnerability, an attacker would first have to log on to the system, aka \u0027Microsoft Windows Defender Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1163."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de elevaci\u00f3n de privilegios en Windows Defender que conlleva a una eliminaci\u00f3n arbitraria de archivos en el sistema. Para explotar la vulnerabilidad, un atacante primero tendr\u00eda que iniciar sesi\u00f3n en el sistema, tambi\u00e9n se conoce como \"Microsoft Windows Defender Elevation of Privilege Vulnerability\" Este ID de CVE es diferente de CVE-2020-1163"
}
],
"id": "CVE-2020-1170",
"lastModified": "2024-11-21T05:09:53.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-09T20:15:12.647",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/160919/Cloud-Filter-Arbitrary-File-Creation-Privilege-Escalation.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1170"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/160919/Cloud-Filter-Arbitrary-File-Creation-Privilege-Escalation.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1170"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-03-21 10:11
Modified
2024-11-21 01:37
Severity ?
Summary
The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://osvdb.org/80482 | ||
| cve@mitre.org | http://osvdb.org/80483 | ||
| cve@mitre.org | http://osvdb.org/80484 | ||
| cve@mitre.org | http://osvdb.org/80485 | ||
| cve@mitre.org | http://osvdb.org/80486 | ||
| cve@mitre.org | http://osvdb.org/80487 | ||
| cve@mitre.org | http://osvdb.org/80488 | ||
| cve@mitre.org | http://osvdb.org/80489 | ||
| cve@mitre.org | http://www.ieee-security.org/TC/SP2012/program.html | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/522005 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/52621 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80482 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80483 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80484 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80485 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80486 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80487 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80488 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80489 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ieee-security.org/TC/SP2012/program.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/522005 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/52621 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| antiy | avl_sdk | 2.0.3.7 | |
| ca | etrust_vet_antivirus | 36.1.8511 | |
| drweb | dr.web_antivirus | 5.0.2.03300 | |
| emsisoft | anti-malware | 5.1.0.1 | |
| fortinet | fortinet_antivirus | 4.2.254.0 | |
| ikarus | ikarus_virus_utilities_t3_command_line_scanner | 1.1.97.0 | |
| kaspersky | kaspersky_anti-virus | 7.0.0.125 | |
| mcafee | gateway | 2010.1c | |
| microsoft | security_essentials | 2.0 | |
| pandasecurity | panda_antivirus | 10.0.2.7 | |
| rising-global | rising_antivirus | 22.83.00.03 | |
| sophos | sophos_anti-virus | 4.61.0 | |
| trendmicro | housecall | 9.120.0.1004 | |
| trendmicro | trend_micro_antivirus | 9.120.0.1004 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:antiy:avl_sdk:2.0.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "38855431-9C17-41FE-8325-A3304DECAC92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:etrust_vet_antivirus:36.1.8511:*:*:*:*:*:*:*",
"matchCriteriaId": "FBFFC7D8-7BA5-4830-9ABD-B56B3BDFC730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:drweb:dr.web_antivirus:5.0.2.03300:*:*:*:*:*:*:*",
"matchCriteriaId": "34946328-2D8E-469A-ACBA-3F0D680ABF6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "488ED4D6-0A32-43D5-840C-F76919C41C45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortinet_antivirus:4.2.254.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1C36D1BA-DB17-4FE0-8D6E-BA5649AE3BF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1759C4A5-67D1-4722-954A-883694E57FAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:kaspersky_anti-virus:7.0.0.125:*:*:*:*:*:*:*",
"matchCriteriaId": "FD9BCB3B-0FE8-4716-ABC2-1DB89D330F56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:gateway:2010.1c:*:*:*:*:*:*:*",
"matchCriteriaId": "18FC30B1-4FB3-4891-93FE-63A93E686EB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:security_essentials:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C382AA8-5E99-4669-9825-F5BBEEC12907",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pandasecurity:panda_antivirus:10.0.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D95F8C32-D238-493F-A28D-8A588E8ADD13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rising-global:rising_antivirus:22.83.00.03:*:*:*:*:*:*:*",
"matchCriteriaId": "EF8ADA91-4042-4E1B-9F14-78023F24B137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sophos:sophos_anti-virus:4.61.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0912E21E-1EEB-4ADD-958F-F8AEBBF7C5E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:housecall:9.120.0.1004:*:*:*:*:*:*:*",
"matchCriteriaId": "B3C3D7B7-3DD1-417E-9488-A3B0F28F75E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:trend_micro_antivirus:9.120.0.1004:*:*:*:*:*:*:*",
"matchCriteriaId": "72379F97-0BCA-425A-92AE-9F336866FD07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations."
},
{
"lang": "es",
"value": "El analizador de archivos CAB en Dr.Web v5.0.2.03300, Trend Micro HouseCall v9.120.0.1004, Kaspersky Anti-Virus v7.0.0.125, Sophos Anti-Virus v4.61.0, Trend Micro AntiVirus v9.120.0.1004, McAfee Gateway (anteriormente Webwasher) v2010.1C , a-squared Anti-Malware v5.1.0.1, CA eTrust Antivirus Vet v36.1.8511, Laboratorios Antiy AVL SDK v2.0.3.7, Antimalware Engine v1.1.6402.0 en el Microsoft Security Essentials v2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner v1.1.97.0, Fortinet Antivirus 4.2.254.0, y Panda Antivirus 10.0.2.7 permite a atacantes remotos evitar la detecci\u00f3n de malware a trav\u00e9s de un archivo CAB con un campo coffFiles modificado. NOTA: esto m\u00e1s adelante se puede dividir en varios CVEs si la informaci\u00f3n adicional que se publica muestra que el error se produjo de forma independiente en diferentes implementaciones del analizador CAB."
}
],
"id": "CVE-2012-1453",
"lastModified": "2024-11-21T01:37:01.140",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-03-21T10:11:48.847",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80482"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80483"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80484"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80485"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80486"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80487"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80488"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80489"
},
{
"source": "cve@mitre.org",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/52621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80482"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80483"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80484"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80485"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80486"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80488"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80489"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/52621"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-23 20:15
Modified
2024-11-21 04:36
Severity ?
Summary
A denial of service vulnerability exists when Microsoft Defender improperly handles files, aka 'Microsoft Defender Denial of Service Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1255 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1255 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_defender | - | |
| microsoft | windows_10 | - | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1703 | |
| microsoft | windows_10 | 1709 | |
| microsoft | windows_10 | 1803 | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_10 | 1903 | |
| microsoft | windows_7 | - | |
| microsoft | windows_8.1 | - | |
| microsoft | windows_rt_8.1 | - | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | windows_server_2016 | - | |
| microsoft | windows_server_2016 | 1803 | |
| microsoft | windows_server_2016 | 1903 | |
| microsoft | windows_server_2019 | - | |
| microsoft | forefront_endpoint_protection_2010 | - | |
| microsoft | security_essentials | - | |
| microsoft | system_center_endpoint_protection | * | |
| microsoft | system_center_endpoint_protection | 2012 | |
| microsoft | system_center_endpoint_protection | 2012 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:windows_defender:-:*:*:*:*:*:*:*",
"matchCriteriaId": "794244D1-F317-44C8-8338-3DA74E71D4B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
"matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
"matchCriteriaId": "AEE2E768-0F45-46E1-B6D7-087917109D98",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
"matchCriteriaId": "83B14968-3985-43C3-ACE5-8307196EFAE3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*",
"matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*",
"matchCriteriaId": "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*",
"matchCriteriaId": "B320A104-9037-487E-BC9A-62B4A6B49FD0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*",
"matchCriteriaId": "CAACE735-003E-4ACB-A82E-C0CF97D7F013",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*",
"matchCriteriaId": "5B921FDB-8E7D-427E-82BE-4432585080CF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:forefront_endpoint_protection_2010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43383FAA-0CD9-4D86-B957-814FE226D1E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:security_essentials:-:*:*:*:*:*:*:*",
"matchCriteriaId": "20FBA682-B703-4590-98E4-8897EED11DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4990D109-C2BF-4327-8A89-8F843FEF3DF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_endpoint_protection:2012:-:*:*:*:*:*:*",
"matchCriteriaId": "410C8132-8953-4A2E-AF04-BBB4044BA64C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_endpoint_protection:2012:r2:*:*:*:*:*:*",
"matchCriteriaId": "D2D1AAB8-A55D-404A-A431-7F4A0201F488",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability exists when Microsoft Defender improperly handles files, aka \u0027Microsoft Defender Denial of Service Vulnerability\u0027."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de denegaci\u00f3n de servicio cuando Microsoft Defender maneja inapropiadamente los archivos, tambi\u00e9n se conoce como \"Microsoft Defender Denial of Service Vulnerability\"."
}
],
"id": "CVE-2019-1255",
"lastModified": "2024-11-21T04:36:20.747",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-23T20:15:13.180",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1255"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1255"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-14 21:15
Modified
2024-11-21 04:36
Severity ?
Summary
An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.
To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted command that could exploit the vulnerability and delete protected files on an affected system once MpSigStub.exe ran again.
The update addresses the vulnerability and blocks the arbitrary deletion.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1161 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1161 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_defender | - | |
| microsoft | windows_10 | - | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1703 | |
| microsoft | windows_10 | 1709 | |
| microsoft | windows_7 | - | |
| microsoft | windows_8.1 | - | |
| microsoft | windows_rt_8.1 | - | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | windows_server_2016 | - | |
| microsoft | forefront_endpoint_protection_2010 | - | |
| microsoft | security_essentials | - | |
| microsoft | system_center_endpoint_protection | * | |
| microsoft | system_center_endpoint_protection | 2012 | |
| microsoft | system_center_endpoint_protection | 2012 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:windows_defender:-:*:*:*:*:*:*:*",
"matchCriteriaId": "794244D1-F317-44C8-8338-3DA74E71D4B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
"matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
"matchCriteriaId": "AEE2E768-0F45-46E1-B6D7-087917109D98",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
"matchCriteriaId": "83B14968-3985-43C3-ACE5-8307196EFAE3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*",
"matchCriteriaId": "B320A104-9037-487E-BC9A-62B4A6B49FD0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:forefront_endpoint_protection_2010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43383FAA-0CD9-4D86-B957-814FE226D1E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:security_essentials:-:*:*:*:*:*:*:*",
"matchCriteriaId": "20FBA682-B703-4590-98E4-8897EED11DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4990D109-C2BF-4327-8A89-8F843FEF3DF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_endpoint_protection:2012:-:*:*:*:*:*:*",
"matchCriteriaId": "410C8132-8953-4A2E-AF04-BBB4044BA64C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_endpoint_protection:2012:r2:*:*:*:*:*:*",
"matchCriteriaId": "D2D1AAB8-A55D-404A-A431-7F4A0201F488",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.\nTo exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted command that could exploit the vulnerability and delete protected files on an affected system once MpSigStub.exe ran again.\nThe update addresses the vulnerability and blocks the arbitrary deletion.\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de elevaci\u00f3n de privilegios cuando el archivo MpSigStub.exe para Defender permite la eliminaci\u00f3n de archivos en ubicaciones arbitrarias. Para explotar la vulnerabilidad, un atacante primero tiene que iniciar sesi\u00f3n en el sistema, tambi\u00e9n se conoce como \"Microsoft Defender Elevation of Privilege Vulnerability\"."
}
],
"id": "CVE-2019-1161",
"lastModified": "2024-11-21T04:36:08.930",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.6,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 9.2,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-14T21:15:15.580",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1161"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1161"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}