CVE-2011-0037

EPSS 0.36%
Published 25.02.2011 18:00:01
Last modified 11.04.2025 00:51:21
Source secure@microsoft.com
Teams watchlist Login
Open Login

Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key.

Affected products Warnungen 0 Metrics 2 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Forefront Client Security

Microsoft ≫ Forefront Endpoint Protection 2010 Version-

Microsoft ≫ Malicious Software Removal Tool

Microsoft ≫ Malware Protection Engine Version <= 1.1.6502.0

Microsoft ≫ Malware Protection Engine Version0.1.13.192

Microsoft ≫ Malware Protection Engine Version1.1.3520.0

Microsoft ≫ Security Essentials

Microsoft ≫ Windows Defender

Microsoft ≫ Windows Live Onecare

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.36%	0.573

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/43468

Vendor Advisory

http://securitytracker.com/id?1025117

http://www.microsoft.com/technet/security/advisory/2491888.mspx

Vendor Advisory

http://www.securityfocus.com/bid/46540

http://www.vupen.com/english/advisories/2011/0486

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/65626

https://nvd.nist.gov/vuln/detail/CVE-2011-0037

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-0037

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-0037

EUVD