Main Vulnerability Database Exploits ID:8700 - Exploit for Absolute Path Traversal in Microsoft Malware Protection Engine - CVE-2022-37971

ID:8700 - Exploit for Absolute Path Traversal in Microsoft Malware Protection Engine - CVE-2022-37971

Published: December 28, 2022

Vulnerability identifier: #VU68139

Vulnerability risk: Low

CVE-ID: CVE-2022-37971

CWE-ID: CWE-36

Exploitation vector: Local access

Vulnerable software:
Microsoft Malware Protection Engine

Link to public exploit:

https://github.com/SafeBreach-Labs/aikido_wiper

Vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient path processing in the Microsoft Windows Defender. A local user can delete arbitrary files and folders on the system and escalate privileges.

Remediation

Install updates from vendor's website.

ID:8700 - Exploit for Absolute Path Traversal in Microsoft Malware Protection Engine - CVE-2022-37971

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human