PT-2013-2082 · Microsoft · Windows Defender

Bruce Monroe

Published

2013-04-09

Updated

2018-10-12

CVE-2013-0078

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Windows Defender versions on Windows 8 and Windows RT

Description The issue is related to the Microsoft Antimalware Client in Windows Defender, which uses an incorrect pathname for MsMpEng.exe. This allows local users to gain privileges via a crafted application.

Recommendations For Windows Defender on Windows 8 and Windows RT, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2013-0078

Affected Products

Windows Defender

PT-2013-2082 · Microsoft · Windows Defender

CVE-2013-0078

Weakness Enumeration

Related Identifiers

Affected Products

References · 4