Improper Pathname Vulnerability in Windows Defender on Microsoft Windows 7 and Server 2008 R2
CVE-2013-3154

Currently unrated

Key Information:

Vendor

Microsoft
Status
Windows Defender
Windows 7
Windows Server 2008
Vendor
CVE Published:
10 July 2013

What is CVE-2013-3154?

The signature-update functionality in Windows Defender for Microsoft Windows 7 and Windows Server 2008 R2 is vulnerable due to reliance on an improper pathname. This misconfiguration allows local users to exploit the vulnerability via a Trojan horse application placed in the %SYSTEMDRIVE% top-level directory, potentially allowing them to escalate privileges and compromise system security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS
http://blogs.technet.com/b/srd/archive/2013/07/09/assessi...
x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/...
vdb-entrysignaturex_refsource_OVAL

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.