CVE-2017-0290

Current Description

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 does not properly scan a specially crafted file leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability."

Basic Data

Published: May 09, 2017
Last Modified: May 08, 2019
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-119
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 9.3
Severity: HIGH
Exploitability Score: 8.6
Impact Score: 10.0
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

CVSS 3 - Version: 3.0
CVSS 3 - Vector String: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 3 - Attack Vector: LOCAL
CVSS 3 - Attack Complexity: LOW
CVSS 3 - Privileges Required: NONE
CVSS 3 - User Interaction: REQUIRED
CVSS 3 - Scope: UNCHANGED
CVSS 3 - Confidentiality Impact: HIGH
CVSS 3 - Integrity Impact: HIGH
CVSS 3 - Availability Impact: HIGH
CVSS 3 - Base Score: 7.8
CVSS 3 - Base Severity: HIGH
Exploitability Score: 1.8
Base Severity: HIGH

Configurations

  • AND
    • OR - Configuration 1
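      | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
      |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
      | 2.3 | Application | Microsoft | Forefront Security | - | * | * | * | * | * | * | * |  |  |  |  |
      | 2.3 | Application | Microsoft | Malware Protection Engine | * | * | * | * | * | * | * | * |  | 1.1.13701.0 |  |  |
      | 2.3 | Application | Microsoft | Windows Defender | - | * | * | * | * | * | * | * |  |  |  |  |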
    • OR Running on/with:
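      | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
      |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
      | 2.3 | OS | Microsoft | Windows 10 | - | * | * | * | * | * | * | * |  |  |  |  |
      | 2.3 | OS | Microsoft | Windows 10 | 1511 | * | * | * | * | * | * | * |  |  |  |  |
      | 2.3 | OS | Microsoft | Windows 10 | 1607 | * | * | * | * | * | * | * |  |  |  |  |
      | 2.3 | OS | Microsoft | Windows 10 | 1703 | * | * | * | * | * | * | * |  |  |  |  |
      | 2.3 | OS | Microsoft | Windows 7 | - | sp1 | * | * | * | * | * | * |  |  |  |  |
      | 2.3 | OS | Microsoft | Windows 8.1 | * | * | * | * | * | * | * | * |  |  |  |  |
      | 2.3 | OS | Microsoft | Windows Rt 8.1 | - | * | * | * | * | * | * | * |  |  |  |  |
      | 2.3 | OS | Microsoft | Windows Server 2008 | - | sp2 | * | * | * | * | * | * |  |  |  |  |
      | 2.3 | OS | Microsoft | Windows Server 2008 | r2 | sp1 | * | * | * | * | * | * |  |  |  |  |
      | 2.3 | OS | Microsoft | Windows Server 2012 | - | gold | * | * | * | * | * | * |  |  |  |  |
      | 2.3 | OS | Microsoft | Windows Server 2012 | r2 | * | * | * | * | * | * | * |  |  |  |  |
      | 2.3 | OS | Microsoft | Windows Server 2016 | - | * | * | * | * | * | * | * |  |  |  |  |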

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Forefront Security | - |
| Microsoft | Malware Protection Engine | * |
| Microsoft | Windows Defender | - |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| 98330 | BID | http://www.securityfocus.com/bid/98330 | Third Party Advisory VDB Entry |
| 1038419 | SECTRACK | http://www.securitytracker.com/id/1038419 |  |
| 1038420 | SECTRACK | http://www.securitytracker.com/id/1038420 |  |
| https://0patch.blogspot.si/2017/05/0patching-worst-windows-remote-code.html | MISC | https://0patch.blogspot.si/2017/05/0patching-worst-windows-remote-code.html |  |
| https://arstechnica.com/information-technology/2017/05/windows-defender-nscript-remote-vulnerability/ | MISC | https://arstechnica.com/information-technology/2017/05/windows-defender-nscript-remote-vulnerability | Press/Media Coverage Third Party Advisory |
| https://bugs.chromium.org/p/project-zero/issues/detail?id=1252 | MISC | https://bugs.chromium.org/p/project-zero/issues/detail?id=1252 | Exploit Third Party Advisory |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0290 | CONFIRM | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0290 | Vendor Advisory |
| https://technet.microsoft.com/library/security/4022344 | CONFIRM | https://technet.microsoft.com/library/security/4022344 | PATCH Vendor Advisory |
| https://twitter.com/natashenka/status/861748397409058816 | MISC | https://twitter.com/natashenka/status/861748397409058816 | Exploit Third Party Advisory |
| 41975 | EXPLOIT-DB | https://www.exploit-db.com/exploits/41975/ |  |