CVE-2011-0037
Severity Score
7.2
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key.
Microsoft Malware Protection Engine anterior a v1.1.6603.0, tal como se utilizó en Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, y Windows Live OneCare, permite a usuarios locales conseguir privilegios a través de un valor manipulado de una clave de registro de usuario sin especificar
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2010-12-10 CVE Reserved
- 2011-02-25 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://securitytracker.com/id?1025117 | Vdb Entry | |
| http://www.securityfocus.com/bid/46540 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/65626 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/43468 | 2017-08-17 | |
| http://www.microsoft.com/technet/security/advisory/2491888.mspx | 2017-08-17 | |
| http://www.vupen.com/english/advisories/2011/0486 | 2017-08-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Forefront Client Security Search vendor "Microsoft" for product "Forefront Client Security" | * | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Forefront Endpoint Protection 2010 Search vendor "Microsoft" for product "Forefront Endpoint Protection 2010" | - | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Malicious Software Removal Tool Search vendor "Microsoft" for product "Malicious Software Removal Tool" | * | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Malware Protection Engine Search vendor "Microsoft" for product "Malware Protection Engine" | <= 1.1.6502.0 Search vendor "Microsoft" for product "Malware Protection Engine" and version " <= 1.1.6502.0" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Malware Protection Engine Search vendor "Microsoft" for product "Malware Protection Engine" | 0.1.13.192 Search vendor "Microsoft" for product "Malware Protection Engine" and version "0.1.13.192" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Malware Protection Engine Search vendor "Microsoft" for product "Malware Protection Engine" | 1.1.3520.0 Search vendor "Microsoft" for product "Malware Protection Engine" and version "1.1.3520.0" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Security Essentials Search vendor "Microsoft" for product "Security Essentials" | * | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Defender Search vendor "Microsoft" for product "Windows Defender" | * | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Live Onecare Search vendor "Microsoft" for product "Windows Live Onecare" | * | - |
Affected
| ||||||