CVE-2011-0037

Microsoft Malware Protection Engine <1.1.6603.0 - Privilege Escalation

Title source: llm
STIX 2.1

Description

Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key.

References (6)

Core 6
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43468
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/46540
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0486
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1025117
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/65626

Scores

EPSS 0.0178
EPSS Percentile 75.7%

Details

CWE
CWE-20
Status published
Products (9)
microsoft/forefront_client_security
microsoft/forefront_endpoint_protection_2010
microsoft/malicious_software_removal_tool
microsoft/malware_protection_engine 0.1.13.192
microsoft/malware_protection_engine 1.1.3520.0
microsoft/malware_protection_engine < 1.1.6502.0
microsoft/security_essentials
microsoft/windows_defender
microsoft/windows_live_onecare
Published Feb 25, 2011
Tracked Since Feb 18, 2026