// For flags

CVE-2011-0037

 

Severity Score

7.2
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key.

Microsoft Malware Protection Engine anterior a v1.1.6603.0, tal como se utilizó en Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, y Windows Live OneCare, permite a usuarios locales conseguir privilegios a través de un valor manipulado de una clave de registro de usuario sin especificar

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2010-12-10 CVE Reserved
  • 2011-02-25 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Microsoft
Search vendor "Microsoft"
Forefront Client Security
Search vendor "Microsoft" for product "Forefront Client Security"
*-
Affected
Microsoft
Search vendor "Microsoft"
Forefront Endpoint Protection 2010
Search vendor "Microsoft" for product "Forefront Endpoint Protection 2010"
--
Affected
Microsoft
Search vendor "Microsoft"
Malicious Software Removal Tool
Search vendor "Microsoft" for product "Malicious Software Removal Tool"
*-
Affected
Microsoft
Search vendor "Microsoft"
Malware Protection Engine
Search vendor "Microsoft" for product "Malware Protection Engine"
<= 1.1.6502.0
Search vendor "Microsoft" for product "Malware Protection Engine" and version " <= 1.1.6502.0"
-
Affected
Microsoft
Search vendor "Microsoft"
Malware Protection Engine
Search vendor "Microsoft" for product "Malware Protection Engine"
0.1.13.192
Search vendor "Microsoft" for product "Malware Protection Engine" and version "0.1.13.192"
-
Affected
Microsoft
Search vendor "Microsoft"
Malware Protection Engine
Search vendor "Microsoft" for product "Malware Protection Engine"
1.1.3520.0
Search vendor "Microsoft" for product "Malware Protection Engine" and version "1.1.3520.0"
-
Affected
Microsoft
Search vendor "Microsoft"
Security Essentials
Search vendor "Microsoft" for product "Security Essentials"
*-
Affected
Microsoft
Search vendor "Microsoft"
Windows Defender
Search vendor "Microsoft" for product "Windows Defender"
*-
Affected
Microsoft
Search vendor "Microsoft"
Windows Live Onecare
Search vendor "Microsoft" for product "Windows Live Onecare"
*-
Affected