CVE-2013-3154

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Defender; Windows 7; Windows Server 2008
Vendor: CVE Published:; 10 July 2013

Summary

The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory, aka "Microsoft Windows 7 Defender Improper Pathname Vulnerability."

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://blogs.technet.com/b/srd/archive/2013/07/09/assessi...

x_refsource_CONFIRM

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

0% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 10, 2013
Vulnerability Reserved
Apr 17, 2013

Collectors

NVD DatabaseMitre Database