← Back

CVE-2011-0037

nvd nist
Published: Feb 25, 2011Modified: Apr 29, 2026

JSON object

Loading...
7.2
Vector
AV:L/AC:L/Au:N/C:C/I:C/A:C
Exploitability: 3.9 / Impact: 10.0
Source: NVD

Description

Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key.

Affected (9)

Microsoft
7 products
Forefront Client Security
Forefront Endpoint Protection 2010
Malicious Software Removal Tool
Malware Protection Engine
Security Essentials
Windows Defender
Windows Live Onecare
Configuration A
9 vulnerable
Vulnerable SoftwareAffected Versions
Forefront Client Security
All versions
Forefront Endpoint Protection 2010
All versions
Malicious Software Removal Tool
All versions
Microsoft
Malware Protection Engine
Up to 1.1.6502.0
Malware Protection Engine
Version 0.1.13.192
Malware Protection Engine
Version 1.1.3520.0
Security Essentials
All versions
Windows Defender
All versions
Windows Live Onecare
All versions

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (12)

Source: secure@microsoft.com
Vendor Advisory
Source: secure@microsoft.com
Source: secure@microsoft.com
Vendor Advisory
Source: secure@microsoft.com
Source: secure@microsoft.com
Vendor Advisory
Source: secure@microsoft.com
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.