Remote Code Execution Risk in Microsoft Malware Protection Engine on x64 Platforms
CVE-2013-1346

Currently unrated

Key Information:

Vendor: Microsoft
Status: Malware Protection Engine
Vendor: CVE Published:; 15 May 2013

Summary

The mpengine.dll component of Microsoft Malware Protection Engine prior to version 1.1.9506.0 on x64 platforms is susceptible to vulnerabilities that could allow remote attackers to execute arbitrary code. By leveraging specially crafted files, attackers may exploit this weakness to initiate memory corruption, potentially leading to Denial of Service (DoS) or further unauthorized commands executed on the affected system. This security flaw underscores the importance of timely updates and vigilant protection measures to safeguard networks.

References

http://technet.microsoft.com/security/advisory/2846338

x_refsource_CONFIRM

EPSS Score

18% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
May 15, 2013