CVE-2011-0037

high Microsoft
CVSS v3 Base Score
7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS Score
0.4%
Exploitation probability in 30 days
Top 42% most likely to be exploited
Attack Characteristics
Attack Vector
Local
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C
Published: February 25, 2011 (5557 days ago)
Last Modified: April 29, 2026
Vendor: Microsoft
Source: NVD

Description

Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key.

CWE

CWE-20

Affected Products

microsoft forefront client securitymicrosoft forefront endpoint protection 2010microsoft malicious software removal toolmicrosoft malware protection enginemicrosoft security essentialsmicrosoft windows defendermicrosoft windows live onecare

References

🔗 secunia.com 🔗 securitytracker.com 🔗 www.microsoft.com 🔗 www.securityfocus.com 🔗 www.vupen.com