Published: 09/04/2013 Updated: 12/10/2018

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

The Microsoft Antimalware Client in Windows Defender on Windows 8 and Windows RT uses an incorrect pathname for MsMpEng.exe, which allows local users to gain privileges via a crafted application, aka "Microsoft Antimalware Improper Pathname Vulnerability."

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft windows_defender

Microsoft Updates April 2013 – 3 Critical Vulnerabilities

Securelist • Kurt Baumgartner • 09 Apr 2013

Microsoft released two Bulletins this month patching 3 critical vulnerabilities. Along with these immediate issues, they released five other Bulletins rated “Important”. It appears that the two critical Bulletins address use-after-free vulnerabilities that can all be attacked through Internet Explorer. For the Windows workstation environments, all versions of Internet Explorer need to be patched asap, including v10 preview running on Windows RT. The patch for Internet Explorer 10 on Windo...

CVE-2013-0078

Vulnerability Summary

Recent Articles

References

Vulmon Search

About

Products

Connect