h/t @nyanbinary

so let me get this straight
microsoft defender, the built-in antivirus tool for windows

has a heap-based buffer overflow that leads to remote code execution

if you get it to scan a file, and that file is crafted the right way.

the antivirus tool is the carrier for the execution of malware.

@Viss @nyanbinary

Microsoft is an APT.
It is known