MS13-034: Vulnerability in Microsoft Antimalware Client Could Allow Elevation of Privilege (2823482)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The Microsoft Antimalware Client on the remote host is affected by a
privilege escalation vulnerability.

Description :

The remote host is running a version of the Microsoft Antimalware
Client that could allow elevation of privilege due to the way that
pathnames are used. By successfully exploiting this vulnerability, an
attacker could execute arbitrary code and take complete control of an
affected system. But the attacker must have valid login credentials in
order to exploit the vulnerability and it cannot be exploited by
anonymous users.

See also :

http://technet.microsoft.com/en-us/security/bulletin/MS13-034

Solution :

Microsoft has released a set of patches for Windows 8.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 65881 ()

Bugtraq ID: 58847

CVE ID: CVE-2013-0078