AI description
CVE-2026-45584 is identified as a heap-based buffer overflow vulnerability found within Microsoft Defender, specifically impacting the Microsoft Malware Protection Engine. This flaw allows an unauthorized attacker to execute code over a network. The vulnerability stems from improper input validation and memory management, particularly when processing malicious inputs that exceed allocated buffer boundaries in heap memory structures. Exploitation of this weakness can lead to attackers overwriting adjacent memory locations and potentially injecting malicious code that executes with the privileges of the Defender process.
- Description
- Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- Products
- malware_protection_engine
CVSS 3.1
- Type
- Primary
- Base score
- 8.1
- Impact score
- 5.9
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- secure@microsoft.com
- CWE-122
- Hype score
- Not currently trending
CVE-2026-45584: Microsoft Defender Heap-Based Buffer Overflow - What It Means for Your Business and How to Respond https://t.co/lfL0zZx2ie
@integ_sec
6 Jun 2026
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
https://t.co/oRe1yxVAe2 Check for updates: Defender vulnerabilities were actively exploited. Microsoft has patched three security vulnerabilities in Defender that organizations should check: CVE-2026-41091, CVE-2026-45584, and CVE-2026-45498. Two of the vulnerabilities have r
@B2bCyber
2 Jun 2026
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Updates prüfen: Defender-Lücken wurden aktiv attackiert https://t.co/0ken7JP267 Microsoft hat drei Sicherheitslücken in Defender geschlossen, die Unternehmen prüfen sollten: Betroffen sind CVE-2026-41091, CVE-2026-45584 und CVE-2026-45498. Zwei der Schwachstellen wurden lau
@B2bCyber
2 Jun 2026
40 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
The latest Windows Antivirus Platform 4.18.26040.7 and Engine 1.1.26040.8 fix three security issues, two of them already exploited and publicly available... CVE-2026-41091 (RedSun) CVE-2026-45498 (UnDefend) CVE-2026-45584 (???) #MDE #MDAV https://t.co/yDSi6HaTZK
@fabian_bader
20 May 2026
10058 Impressions
9 Retweets
21 Likes
5 Bookmarks
2 Replies
1 Quote
A severe vulnerability was disclosed for Microsoft Malware Protection Engine (CVE-2026-45584) https://t.co/rDk6X9Lot4
@vuldb
20 May 2026
79 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:malware_protection_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD1882FA-1447-46F7-A592-142F55820A60",
"versionEndExcluding": "1.1.26040.8",
"versionStartIncluding": "1.1.26030.3008",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]