Improper input validation in Microsoft Forefront_client_security

CVE-2011-0037

Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneC…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.004 (58.3th percentile) — read the EPSS interpretation.

Affected products

Microsoft Forefront_client_security
Microsoft Forefront_endpoint_protection_2010
Microsoft Malicious_software_removal_tool
Microsoft Malware_protection_engine — versions 0.1.13.192, 1.1.3520.0
Microsoft Security_essentials
Microsoft Windows_defender
Microsoft Windows_live_onecare
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

secure@microsoft.com (x_refsource_CONFIRM, Vendor Advisory)
43468 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
46540 (vdb-entry, x_refsource_BID)
ADV-2011-0486 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
1025117 (vdb-entry, x_refsource_SECTRACK)
ms-malware-engine-priv-esc(65626) (vdb-entry, x_refsource_XF)