~/products/microsoft/malware_protection_engine

pipeline liveDigest Docs

Microsoft Malware Protection Engine vulnerabilities

25 known vulnerabilities affecting microsoft/malware_protection_engine.

Total CVEs

25

CISA KEV

2

actively exploited

Public exploits

4

Exploited in wild

1

Severity breakdown

CRITICAL1HIGH16MEDIUM8

Vulnerabilities

Page 2 of 2

CVE-2014-2779MEDIUMCVSS 4.3≤ 1.1.10600.02014-06-18

CVE-2014-2779 [MEDIUM] CWE-20 CVE-2014-2779: mpengine.dll in Microsoft Malware Protection Engine before 1.1.10701.0 allows remote attackers to ca mpengine.dll in Microsoft Malware Protection Engine before 1.1.10701.0 allows remote attackers to cause a denial of service (system hang) via a crafted file.

CVE-2013-1346CRITICALCVSS 9.3≤ 1.1.9402.02013-05-15

CVE-2013-1346 [CRITICAL] CWE-119 CVE-2013-1346: mpengine.dll in Microsoft Malware Protection Engine before 1.1.9506.0 on x64 platforms allows remote mpengine.dll in Microsoft Malware Protection Engine before 1.1.9506.0 on x64 platforms allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file.

CVE-2011-0037HIGHCVSS 7.2≤ 1.1.6502.0v0.1.13.192+1 more2011-02-25

CVE-2011-0037 [HIGH] CWE-20 CVE-2011-0037: Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Remov Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key.

CVE-2008-1437MEDIUMCVSS 5.0v0.1.13.192v1.1.3520.02008-05-13

CVE-2008-1437 [MEDIUM] CWE-399 CVE-2008-1437: Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.1 Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (engine hang and restart) via a crafted file, a different vulnerability than CVE-2008-1438.

CVE-2008-1438MEDIUMCVSS 5.0v0.1.13.192v1.1.3520.02008-05-13

CVE-2008-1438 [MEDIUM] CVE-2008-1438: Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.1 Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (disk space exhaustion) via a file with "crafted data structures" that trigger the creation of large temporary files, a different vulnerability than C

← Previous2 / 2