cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2020-1461,https://securityvulnerability.io/vulnerability/CVE-2020-1461,,"An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege Vulnerability'.",Microsoft,"Microsoft Forefront Endpoint Protection,Microsoft System Center,Microsoft Security Essentials,Windows Defender On Windows 10 Version 1909 For 32-bit Systems,Windows Defender On Windows 10 Version 1909 For X64-based Systems,Windows Defender On Windows 10 Version 1909 For Arm64-based Systems,Windows Defender On Windows Server, Version 1909 (server Core Installation),Windows Defender On Windows 10 Version 1803 For 32-bit Systems,Windows Defender On Windows 10 Version 1803 For X64-based Systems,Windows Defender On Windows Server, Version 1803  (server Core Installation),Windows Defender On Windows 10 Version 1803 For Arm64-based Systems,Windows Defender On Windows 10 Version 1809 For 32-bit Systems,Windows Defender On Windows 10 Version 1809 For X64-based Systems,Windows Defender On Windows 10 Version 1809 For Arm64-based Systems,Windows Defender On Windows Server 2019,Windows Defender On Windows Server 2019  (server Core Installation),Windows Defender On Windows 10 Version 1709 For 32-bit Systems,Windows Defender On Windows 10 Version 1709 For X64-based Systems,Windows Defender On Windows 10 Version 1709 For Arm64-based Systems,Windows Defender On Windows 10 Version 1903 For 32-bit Systems,Windows Defender On Windows 10 Version 1903 For X64-based Systems,Windows Defender On Windows 10 Version 1903 For Arm64-based Systems,Windows Defender On Windows Server, Version 1903 (server Core Installation),Windows Defender On Windows 10 For 32-bit Systems,Windows Defender On Windows 10 For X64-based Systems,Windows Defender On Windows 10 Version 1607 For 32-bit Systems,Windows Defender On Windows 10 Version 1607 For X64-based Systems,Windows Defender On Windows Server 2016,Windows Defender On Windows Server 2016  (server Core Installation),Windows Defender On Windows 7 For 32-bit Systems,Windows Defender On Windows 7 For X64-based Systems,Windows Defender On Windows 8.1 For 32-bit Systems,Windows Defender On Windows 8.1 For X64-based Systems,Windows Defender On Windows Rt 8.1,Windows Defender On Windows Server 2008 For 32-bit Systems,Windows Defender On Windows Server 2008 For 32-bit Systems (server Core Installation),Windows Defender On Windows Server 2008 For Itanium-based Systems,Windows Defender On Windows Server 2008 R2 For Itanium-based Systems,Windows Defender On Windows Server 2008 R2 For X64-based Systems,Windows Defender On Windows Server 2008 R2 For X64-based Systems (server Core Installation),Windows Defender On Windows Server 2012,Windows Defender On Windows Server 2012 (server Core Installation),Windows Defender On Windows Server 2012 R2,Windows Defender On Windows Server 2012 R2 (server Core Installation)",7.1,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2020-07-14T23:15:00.000Z,0
CVE-2020-1163,https://securityvulnerability.io/vulnerability/CVE-2020-1163,,"An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Defender Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1170.",Microsoft,"Microsoft Forefront Endpoint Protection,Microsoft System Center,Microsoft Security Essentials,Windows Defender On Windows 10 Version 1909 For 32-bit Systems,Windows Defender On Windows 10 Version 1909 For X64-based Systems,Windows Defender On Windows 10 Version 1909 For Arm64-based Systems,Windows Defender On Windows Server, Version 1909 (server Core Installation),Windows Defender On Windows 10 Version 1803 For 32-bit Systems,Windows Defender On Windows 10 Version 1803 For X64-based Systems,Windows Defender On Windows Server, Version 1803  (server Core Installation),Windows Defender On Windows 10 Version 1803 For Arm64-based Systems,Windows Defender On Windows 10 Version 1809 For 32-bit Systems,Windows Defender On Windows 10 Version 1809 For X64-based Systems,Windows Defender On Windows 10 Version 1809 For Arm64-based Systems,Windows Defender On Windows Server 2019,Windows Defender On Windows Server 2019  (server Core Installation),Windows Defender On Windows 10 Version 1709 For 32-bit Systems,Windows Defender On Windows 10 Version 1709 For X64-based Systems,Windows Defender On Windows 10 Version 1709 For Arm64-based Systems,Windows Defender On Windows 10 Version 1903 For 32-bit Systems,Windows Defender On Windows 10 Version 1903 For X64-based Systems,Windows Defender On Windows 10 Version 1903 For Arm64-based Systems,Windows Defender On Windows Server, Version 1903 (server Core Installation),Windows Defender On Windows 10 For 32-bit Systems,Windows Defender On Windows 10 For X64-based Systems,Windows Defender On Windows 10 Version 1607 For 32-bit Systems,Windows Defender On Windows 10 Version 1607 For X64-based Systems,Windows Defender On Windows Server 2016,Windows Defender On Windows Server 2016  (server Core Installation),Windows Defender On Windows 7 For 32-bit Systems,Windows Defender On Windows 7 For X64-based Systems,Windows Defender On Windows 8.1 For 32-bit Systems,Windows Defender On Windows 8.1 For X64-based Systems,Windows Defender On Windows Rt 8.1,Windows Defender On Windows Server 2008 For 32-bit Systems,Windows Defender On Windows Server 2008 For 32-bit Systems (server Core Installation),Windows Defender On Windows Server 2008 For Itanium-based Systems,Windows Defender On Windows Server 2008 R2 For Itanium-based Systems,Windows Defender On Windows Server 2008 R2 For X64-based Systems,Windows Defender On Windows Server 2008 R2 For X64-based Systems (server Core Installation),Windows Defender On Windows Server 2012,Windows Defender On Windows Server 2012 (server Core Installation),Windows Defender On Windows Server 2012 R2,Windows Defender On Windows Server 2012 R2 (server Core Installation)",7.8,HIGH,0.0006099999882280827,false,false,false,false,,false,false,2020-06-09T19:43:17.000Z,0
CVE-2020-1170,https://securityvulnerability.io/vulnerability/CVE-2020-1170,,"An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Defender Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1163.",Microsoft,"Microsoft Forefront Endpoint Protection,Microsoft System Center,Microsoft Security Essentials,Windows Defender On Windows 10 Version 1803 For 32-bit Systems,Windows Defender On Windows 10 Version 1803 For X64-based Systems,Windows Defender On Windows Server, Version 1803  (server Core Installation),Windows Defender On Windows 10 Version 1803 For Arm64-based Systems,Windows Defender On Windows 10 Version 1809 For 32-bit Systems,Windows Defender On Windows 10 Version 1809 For X64-based Systems,Windows Defender On Windows 10 Version 1809 For Arm64-based Systems,Windows Defender On Windows Server 2019,Windows Defender On Windows Server 2019  (server Core Installation),Windows Defender On Windows 10 Version 1909 For 32-bit Systems,Windows Defender On Windows 10 Version 1909 For X64-based Systems,Windows Defender On Windows 10 Version 1909 For Arm64-based Systems,Windows Defender On Windows Server, Version 1909 (server Core Installation),Windows Defender On Windows 10 Version 1709 For 32-bit Systems,Windows Defender On Windows 10 Version 1709 For X64-based Systems,Windows Defender On Windows 10 Version 1709 For Arm64-based Systems,Windows Defender On Windows 10 Version 1903 For 32-bit Systems,Windows Defender On Windows 10 Version 1903 For X64-based Systems,Windows Defender On Windows 10 Version 1903 For Arm64-based Systems,Windows Defender On Windows Server, Version 1903 (server Core Installation),Windows Defender On Windows 10 For 32-bit Systems,Windows Defender On Windows 10 For X64-based Systems,Windows Defender On Windows 10 Version 1607 For 32-bit Systems,Windows Defender On Windows 10 Version 1607 For X64-based Systems,Windows Defender On Windows Server 2016,Windows Defender On Windows Server 2016  (server Core Installation),Windows Defender On Windows 7 For 32-bit Systems,Windows Defender On Windows 7 For X64-based Systems,Windows Defender On Windows 8.1 For 32-bit Systems,Windows Defender On Windows 8.1 For X64-based Systems,Windows Defender On Windows Rt 8.1,Windows Defender On Windows Server 2008 For 32-bit Systems,Windows Defender On Windows Server 2008 For 32-bit Systems (server Core Installation),Windows Defender On Windows Server 2008 For Itanium-based Systems,Windows Defender On Windows Server 2008 R2 For Itanium-based Systems,Windows Defender On Windows Server 2008 R2 For X64-based Systems,Windows Defender On Windows Server 2008 R2 For X64-based Systems (server Core Installation),Windows Defender On Windows Server 2012,Windows Defender On Windows Server 2012 (server Core Installation),Windows Defender On Windows Server 2012 R2,Windows Defender On Windows Server 2012 R2 (server Core Installation)",7.8,HIGH,0.0017600000137463212,false,false,false,false,,false,false,2020-06-09T19:43:17.000Z,0
CVE-2020-1002,https://securityvulnerability.io/vulnerability/CVE-2020-1002,,"An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege Vulnerability'.",Microsoft,"Microsoft Forefront Endpoint Protection,Microsoft System Center,Microsoft Security Essentials,Windows Defender On Windows 10 Version 1909 For 32-bit Systems,Windows Defender On Windows 10 Version 1909 For X64-based Systems,Windows Defender On Windows 10 Version 1909 For Arm64-based Systems,Windows Defender On Windows Server, Version 1909 (server Core Installation),Windows Defender On Windows 10 Version 1803 For 32-bit Systems,Windows Defender On Windows 10 Version 1803 For X64-based Systems,Windows Defender On Windows Server, Version 1803  (server Core Installation),Windows Defender On Windows 10 Version 1803 For Arm64-based Systems,Windows Defender On Windows 10 Version 1809 For 32-bit Systems,Windows Defender On Windows 10 Version 1809 For X64-based Systems,Windows Defender On Windows 10 Version 1809 For Arm64-based Systems,Windows Defender On Windows Server 2019,Windows Defender On Windows Server 2019  (server Core Installation),Windows Defender On Windows 10 Version 1709 For 32-bit Systems,Windows Defender On Windows 10 Version 1709 For X64-based Systems,Windows Defender On Windows 10 Version 1709 For Arm64-based Systems,Windows Defender On Windows 10 Version 1903 For 32-bit Systems,Windows Defender On Windows 10 Version 1903 For X64-based Systems,Windows Defender On Windows 10 Version 1903 For Arm64-based Systems,Windows Defender On Windows Server, Version 1903 (server Core Installation),Windows Defender On Windows 10 For 32-bit Systems,Windows Defender On Windows 10 For X64-based Systems,Windows Defender On Windows 10 Version 1607 For 32-bit Systems,Windows Defender On Windows 10 Version 1607 For X64-based Systems,Windows Defender On Windows Server 2016,Windows Defender On Windows Server 2016  (server Core Installation),Windows Defender On Windows 7 For 32-bit Systems,Windows Defender On Windows 7 For X64-based Systems,Windows Defender On Windows 8.1 For 32-bit Systems,Windows Defender On Windows 8.1 For X64-based Systems,Windows Defender On Windows Rt 8.1,Windows Defender On Windows Server 2008 For 32-bit Systems,Windows Defender On Windows Server 2008 For 32-bit Systems (server Core Installation),Windows Defender On Windows Server 2008 For Itanium-based Systems,Windows Defender On Windows Server 2008 R2 For Itanium-based Systems,Windows Defender On Windows Server 2008 R2 For X64-based Systems,Windows Defender On Windows Server 2008 R2 For X64-based Systems (server Core Installation),Windows Defender On Windows Server 2012,Windows Defender On Windows Server 2012 (server Core Installation),Windows Defender On Windows Server 2012 R2,Windows Defender On Windows Server 2012 R2 (server Core Installation)",7.1,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2020-04-15T15:13:20.000Z,0
CVE-2019-1255,https://securityvulnerability.io/vulnerability/CVE-2019-1255,,"A denial of service vulnerability exists when Microsoft Defender improperly handles files, aka 'Microsoft Defender Denial of Service Vulnerability'.",Microsoft,"Microsoft Security Essentials,Microsoft System Center,Microsoft Forefront Endpoint Protection,Windows Defender On Windows 7 For 32-bit Systems,Windows Defender On Windows 7 For X64-based Systems,Windows Defender On Windows Server 2008 R2 For X64-based Systems (server Core Installation),Windows Defender On Windows Server 2008 R2 For Itanium-based Systems,Windows Defender On Windows Server 2008 R2 For X64-based Systems,Windows Defender On Windows Server 2008 For 32-bit Systems (server Core Installation),Windows Defender On Windows Server 2012,Windows Defender On Windows Server 2012 (server Core Installation),Windows Defender On Windows 8.1 For 32-bit Systems,Windows Defender On Windows 8.1 For X64-based Systems,Windows Defender On Windows Server 2012 R2,Windows Defender On Windows Rt 8.1,Windows Defender On Windows Server 2012 R2 (server Core Installation),Windows Defender On Windows 10 For 32-bit Systems,Windows Defender On Windows 10 For X64-based Systems,Windows Defender On Windows Server 2016,Windows Defender On Windows 10 Version 1607 For 32-bit Systems,Windows Defender On Windows 10 Version 1607 For X64-based Systems,Windows Defender On Windows Server 2016  (server Core Installation),Windows Defender On Windows 10 Version 1703 For 32-bit Systems,Windows Defender On Windows 10 Version 1703 For X64-based Systems,Windows Defender On Windows 10 Version 1709 For 32-bit Systems,Windows Defender On Windows 10 Version 1709 For X64-based Systems,Windows Defender On Windows 10 Version 1803 For 32-bit Systems,Windows Defender On Windows 10 Version 1803 For X64-based Systems,Windows Defender On Windows Server, Version 1803  (server Core Installation),Windows Defender On Windows 10 Version 1803 For Arm64-based Systems,Windows Defender On Windows 10 Version 1809 For 32-bit Systems,Windows Defender On Windows 10 Version 1809 For X64-based Systems,Windows Defender On Windows 10 Version 1809 For Arm64-based Systems,Windows Defender On Windows Server 2019,Windows Defender On Windows Server 2019  (server Core Installation),Windows Defender On Windows 10 Version 1709 For Arm64-based Systems,Windows Defender On Windows 10 Version 1903 For 32-bit Systems,Windows Defender On Windows 10 Version 1903 For X64-based Systems,Windows Defender On Windows 10 Version 1903 For Arm64-based Systems,Windows Defender On Windows Server, Version 1903 (server Core Installation),Windows Defender On Windows Server 2008 For Itanium-based Systems,Windows Defender On Windows Server 2008 For 32-bit Systems",7.5,HIGH,0.002309999894350767,false,false,false,false,,false,false,2019-09-23T19:14:38.000Z,0
CVE-2019-1161,https://securityvulnerability.io/vulnerability/CVE-2019-1161,Microsoft Defender Elevation of Privilege Vulnerability,"An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.
To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted command that could exploit the vulnerability and delete protected files on an affected system once MpSigStub.exe ran again.
The update addresses the vulnerability and blocks the arbitrary deletion.
",Microsoft,"Microsoft Forefront Endpoint Protection 2010,Microsoft System Center Endpoint Protection,Microsoft System Center 2012 R2 Endpoint Protection,Microsoft Security Essentials,Microsoft System Center 2012 Endpoint Protection,Windows Defender",7.1,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2019-08-14T20:55:03.000Z,0
CVE-2018-0986,https://securityvulnerability.io/vulnerability/CVE-2018-0986,,"A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption, aka ""Microsoft Malware Protection Engine Remote Code Execution Vulnerability."" This affects Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsoft Exchange Server, Microsoft System Center, Microsoft Forefront Endpoint Protection.",Microsoft,"Windows Defender,Windows Intune Endpoint Protection,Microsoft Security Essentials,Microsoft System Center Endpoint Protection,Microsoft Exchange Server,Microsoft System Center,Microsoft Forefront Endpoint Protection",8.8,HIGH,0.8941799998283386,false,false,false,false,,false,false,2018-04-04T17:00:00.000Z,0
CVE-2011-0037,https://securityvulnerability.io/vulnerability/CVE-2011-0037,,"Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key.",Microsoft,"Forefront Client Security,Windows Defender,Malware Protection Engine,Forefront Endpoint Protection 2010,Windows Live Onecare,Malicious Software Removal Tool,Security Essentials",,,0.0005300000193528831,false,false,false,false,,false,false,2011-02-25T17:00:00.000Z,0
CVE-2009-0237,https://securityvulnerability.io/vulnerability/CVE-2009-0237,,"Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2006, 2006 Supportability Update, and 2006 SP1; allows remote attackers to inject arbitrary web script or HTML via ""authentication input"" to this component, aka ""Cross-Site Scripting Vulnerability.""",Microsoft,"Internet Security And Acceleration Server,Forefront Threat Management Gateway",,,0.8338900208473206,false,false,false,false,,false,false,2009-04-15T03:49:00.000Z,0
CVE-2009-0077,https://securityvulnerability.io/vulnerability/CVE-2009-0077,,"The firewall engine in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2004 SP3, 2006, 2006 Supportability Update, and 2006 SP1; does not properly manage the session state of web listeners, which allows remote attackers to cause a denial of service (many stale sessions) via crafted packets, aka ""Web Proxy TCP State Limited Denial of Service Vulnerability.""",Microsoft,"Internet Security And Acceleration Server,Forefront Threat Management Gateway",,,0.9491199851036072,false,false,false,false,,false,false,2009-04-15T03:49:00.000Z,0
CVE-2008-3013,https://securityvulnerability.io/vulnerability/CVE-2008-3013,,"gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka ""GDI+ GIF Parsing Vulnerability.""",Microsoft,"Powerpoint Viewer,Forefront Client Security,Digital Image Suite,Windows Xp,Internet Explorer,Windows Server 2008,Office,Windows Vista,Sql Server Reporting Services,Visio,Sql Server,Report Viewer,Works",,,0.9511299729347229,false,false,false,false,,false,false,2008-09-11T01:11:00.000Z,0
CVE-2008-3014,https://securityvulnerability.io/vulnerability/CVE-2008-3014,,"Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka ""GDI+ WMF Buffer Overrun Vulnerability.""",Microsoft,"Forefront Client Security,Server,Digital Image Suite,Internet Explorer,Office,Sql Server Reporting Services,Windows Vista,Visio,Windows-nt,Windows Xp,Sql Server,Report Viewer,Works,Office Powerpoint Viewer",,,0.8248999714851379,false,false,false,false,,false,false,2008-09-11T01:11:00.000Z,0
CVE-2008-3015,https://securityvulnerability.io/vulnerability/CVE-2008-3015,,"Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka ""GDI+ BMP Integer Overflow Vulnerability.""",Microsoft,"Forefront Client Security,Digital Image Suite,Office,Sql Server Reporting Services,Visio,Sql Server,Report Viewer,Works,Office Powerpoint Viewer",,,0.7206299901008606,false,false,false,false,,false,false,2008-09-11T01:11:00.000Z,0
CVE-2008-3012,https://securityvulnerability.io/vulnerability/CVE-2008-3012,,"gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka ""GDI+ EMF Memory Corruption Vulnerability.""",Microsoft,"Forefront Client Security,Office System,Server,Digital Image Suite,Internet Explorer,Office,Sql Server Reporting Services,Windows,Windows Vista,Visio,Windows-nt,Windows Xp,Sql Server,Report Viewer,Works,Office Powerpoint Viewer",,,0.6925600171089172,false,false,false,false,,false,false,2008-09-11T01:11:00.000Z,0
CVE-2007-5348,https://securityvulnerability.io/vulnerability/CVE-2007-5348,,"Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka ""GDI+ VML Buffer Overrun Vulnerability.""",Microsoft,"Forefront Client Security,Office System,Server,Digital Image Suite,Internet Explorer,Office,Sql Server Reporting Services,Windows,Windows Vista,Visio,Windows-nt,Windows Xp,Sql Server,Report Viewer,Works,Office Powerpoint Viewer",,,0.6690899729728699,false,false,false,false,,false,false,2008-09-11T01:01:00.000Z,0
CVE-2008-1437,https://securityvulnerability.io/vulnerability/CVE-2008-1437,,"Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (engine hang and restart) via a crafted file, a different vulnerability than CVE-2008-1438.",Microsoft,"Forefront Client Security,Windows Defender,Forefront Security For Exchange Server,Antigen For Exchange,Antigen For Smtp Gateway,Malware Protection Engine,Windows Live Onecare,Diagnostics And Recovery Toolkit,Forefront Security For Sharepoint",,,0.8406699895858765,false,false,false,false,,false,false,2008-05-13T22:00:00.000Z,0
CVE-2008-1438,https://securityvulnerability.io/vulnerability/CVE-2008-1438,,"Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (disk space exhaustion) via a file with ""crafted data structures"" that trigger the creation of large temporary files, a different vulnerability than CVE-2008-1437.",Microsoft,"Forefront Client Security,Windows Defender,Forefront Security For Exchange Server,Antigen For Exchange,Antigen For Smtp Gateway,Malware Protection Engine,Windows Live Onecare,Diagnostics And Recovery Toolkit,Forefront Security For Sharepoint",,,0.2925400137901306,false,false,false,false,,false,false,2008-05-13T22:00:00.000Z,0
CVE-2006-5270,https://securityvulnerability.io/vulnerability/CVE-2006-5270,,"Integer overflow in the Microsoft Malware Protection Engine (mpengine.dll), as used by Windows Live OneCare, Antigen, Defender, and Forefront Security, allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file.",Microsoft,"Forefront Security,Malware Protection Engine,Windows Defender,Windows Live Onecare,Antigen",,,0.5148800015449524,false,false,false,false,,false,false,2007-02-13T20:00:00.000Z,0