Improper Pathname Vulnerability in Microsoft Antimalware Client for Windows 8 and RT
CVE-2013-0078

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Defender
Vendor: CVE Published:; 9 April 2013

Summary

The Microsoft Antimalware Client in Windows Defender for Windows 8 and Windows RT is vulnerable due to an improperly configured pathname for MsMpEng.exe. This flaw enables local users to exploit the vulnerability by executing crafted applications that can gain escalated privileges, potentially allowing unauthorized actions within the system.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.us-cert.gov/ncas/alerts/TA13-100A

third-party-advisoryx_refsource_CERT

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

Timeline

Vulnerability published
Apr 9, 2013
Vulnerability Reserved
Nov 27, 2012