Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-8535

CWE-119 — Buffer Overflow CWE-369 CWE-476 — NULL Pointer Dereference CWE-674 — Uncontrolled Recursion5 documents5 sources

Severity

5.5MEDIUM

EPSS

5.0%

top 10.35%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Corporation Malware Protection Microsoft Corporation Malware Protection Engine Microsoft Exchange Server +1 more

Timeline

PublishedMay 26

Latest updateMay 13

Description

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerabil…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5microsoft_corporation/malware_protection_engineMicrosoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016.

▶NVDmicrosoft/exchange_server2013, 2016+1

▶CVEListV5microsoft_corporation/malware_protectionMicrosoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016.

▶NVDmicrosoft/forefront_endpoint_protection2010

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-h2pr-84p4-xhj2: The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows↗2022-05-13

▶

CVEList

CVE-2017-8535: The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows↗2017-05-26

▶

💥Exploits & PoCs

Exploit-DB

Microsoft MsMpEng - Multiple Crashes While Scanning Malformed Files↗2017-05-29

▶

📋Vendor Advisories

Microsoft

Microsoft Malware Protection Engine Denial of Service Vulnerability↗2017-05-09

▶

External resources

NVD MITRE

Affected products4

Microsoft Corporation Malware ProtectionvMicrosoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016.

Microsoft Corporation Malware Protection EnginevMicrosoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016.

Microsoft Exchange Serverv2013v2016

Microsoft Forefront Endpoint Protectionv2010

Disclosure

PublishedMay 26, 2017

Latest updateMay 13, 2022