Improper Pathname Vulnerability in Windows Defender on Microsoft Windows 7 and Server 2008 R2
CVE-2013-3154

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Defender; Windows 7; Windows Server 2008
Vendor: CVE Published:; 10 July 2013

Summary

The signature-update functionality in Windows Defender for Microsoft Windows 7 and Windows Server 2008 R2 is vulnerable due to reliance on an improper pathname. This misconfiguration allows local users to exploit the vulnerability via a Trojan horse application placed in the %SYSTEMDRIVE% top-level directory, potentially allowing them to escalate privileges and compromise system security.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://blogs.technet.com/b/srd/archive/2013/07/09/assessi...

x_refsource_CONFIRM

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

Timeline

Vulnerability published
Jul 10, 2013
Vulnerability Reserved
Apr 17, 2013