Main Vulnerability Database Vulnerabilities #VU21290

#VU21290 Input validation error in Microsoft products - CVE-2019-1255

Published: September 23, 2019

Vulnerability identifier: #VU21290

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-1255

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Microsoft Security Essentials
Windows Defender
Microsoft Forefront Endpoint Protection

Software vendor:
Microsoft

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of files within the Microsoft Malware Protection Engine in Microsoft Defender. A remote attacker can create a specially crafted file, trick the victim into executing it and prevent legitimate accounts from executing legitimate system binaries.

Remediation

Install updates from vendor's website.

This vulnerability was addressed in Microsoft Malware Protection Engine 1.1.16400.2.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1255

#VU21290 Input validation error in Microsoft products - CVE-2019-1255

Description

Remediation

External links

Please verify you're human