Denial of Service Vulnerability in Microsoft Malware Protection Engine on Various Windows Products
CVE-2017-8537

5.5MEDIUM

Key Information:

Vendor
Microsoft
Status
Malware Protection Engine
Vendor
CVE Published:
26 May 2017

Summary

The Microsoft Malware Protection Engine is vulnerable to a denial of service condition due to improper scanning of specially crafted files. This affects various Microsoft products, including Windows operating systems from Server 2008 to 2016, as well as Microsoft Exchange Server 2013 and 2016. Exploitation of this vulnerability may lead to system instability and increased downtime, thereby impacting the security and availability of systems running these platforms.

Affected Version(s)

Malware Protection Engine Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016.

References

https://www.exploit-db.com/exploits/42081/
exploitx_refsource_EXPLOIT-DB
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/98705
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.