VYPR
Unrated severityNVD Advisory· Published Jul 10, 2013· Updated Jun 16, 2026

CVE-2013-3154

CVE-2013-3154

Description

The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory, aka "Microsoft Windows 7 Defender Improper Pathname Vulnerability."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

6
  • cpe:2.3:a:microsoft:windows_defender:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:microsoft:windows_defender:*:*:*:*:*:*:*:*
    • (no CPE)range: on Windows 7 / Windows Server 2008 R2
  • cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
    • (no CPE)
  • cpe:2.3:o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:*+ 1 more
    • cpe:2.3:o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:*
    • (no CPE)

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.