Lucene search
HistoryJul 10, 2013 - 3:46 a.m.
CVE-2013-3154
CVSS2
6.9
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
AI Score
6.3
Confidence
Low
EPSS
0.001
Percentile
36.5%
The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory, aka βMicrosoft Windows 7 Defender Improper Pathname Vulnerability.β
Affected configurations
Node
microsoftwindows_defender
microsoftwindows_7Match-
ORmicrosoftwindows_server_2008r2x64
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | windows_defender | * | cpe:2.3:a:microsoft:windows_defender:*:*:*:*:*:*:*:* |
| microsoft | windows_7 | - | cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:* |
| microsoft | windows_server_2008 | * | cpe:2.3:o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:* |
References
Related
symantec
symantec
seebug
seebug
Microsoft Windows Defenderζ¬ε°ζιζεζΌζ΄(CVE-2013-3154)(MS13-058)
2013-07-10 00:00:00
cve
cve
CVE-2013-3154
2013-07-10 03:46:10
prion
prion
Improper access control
2013-07-10 03:46:00
cvelist
cvelist
CVE-2013-3154
2013-07-10 01:00:00
nessus
nessus
openvas
openvas
Microsoft Windows Defender Privilege Elevation Vulnerability (2847927)
2013-07-10 00:00:00
Microsoft Windows Defender Privilege Elevation Vulnerability (2847927)
2013-07-10 00:00:00
securityvulns
securityvulns
Microsoft Windows multiple security vulnerabilities
2013-07-29 00:00:00
CVSS2
6.9
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
AI Score
6.3
Confidence
Low
EPSS
0.001
Percentile
36.5%
Related for NVD:CVE-2013-3154