SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |   



Category:   Application (Security)  >   Microsoft Malware Protection Engine Vendors:   Microsoft
Microsoft Malware Protection Engine Flaw Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1028557
SecurityTracker URL:  https://securitytracker.com/id/1028557
CVE Reference:   CVE-2013-1346   (Links to External Site)
Date:  May 14 2013
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.1.9402.0 and prior versions
Description:   A vulnerability was reported in Microsoft Malware Protection Engine. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a specially crafted file that, when scanned by the target application, will execute arbitrary code on the target system. The code will run with LocalSystem privileges.

Only x64-based versions are affected.

The following products include the vulnerable component and are affected:

Microsoft Forefront Client Security
Microsoft Forefront Endpoint Protection 2010
Microsoft Forefront Security for SharePoint SP3
Microsoft System Center 2012 Endpoint Protection
Microsoft System Center 2012 Endpoint Protection SP1
Microsoft Malicious Software Removal Tool (April 2013 and prior)
Microsoft Security Essentials
Microsoft Security Essentials Prerelease
Windows Defender for Windows 8
Windows Defender for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
Windows Defender Offline
Windows Intune Endpoint Protection

Impact:   A remote user can create a file that, when scanned by the target application, will execute arbitrary code on the target user's system.
Solution:   The vendor has issued a fix (1.1.9506.0).

The vendor's advisory is available at:

http://technet.microsoft.com/en-us/security/advisory/2846338

Vendor URL:  technet.microsoft.com/en-us/security/advisory/2846338 (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search


Content previously copyright SecurityGlobal.net LLC placed in the public domain on December 31, 2019.