Required CVE Record Information
Description
The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory, aka "Microsoft Windows 7 Defender Improper Pathname Vulnerability."
References 4 Total
- docs.microsoft.com: MS13-058 vendor-advisory
- http://blogs.technet.com/b/srd/archive/2013/07/09/assessing-risk-for-the-july-2013-security-updates.aspx
- oval.cisecurity.org: oval:org.mitre.oval:def:17253 vdb-entrysignature
- us-cert.gov: TA13-190A third-party-advisory
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 4 Total
- docs.microsoft.com: MS13-058 vendor-advisoryx_transferred
- http://blogs.technet.com/b/srd/archive/2013/07/09/assessing-risk-for-the-july-2013-security-updates.aspx x_transferred
- oval.cisecurity.org: oval:org.mitre.oval:def:17253 vdb-entrysignaturex_transferred
- us-cert.gov: TA13-190A third-party-advisoryx_transferred