CVE-2017-11937

Current Description

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, Windows Server, version 1709, and Microsoft Exchange Server 2013 and 2016 does not properly scan a specially crafted file, leading to remote code execution, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability".

Referenced by CVEs: CVE-2017-11940

Basic Data

Published: December 07, 2017
Last Modified: October 30, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-119
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 9.3
Severity: HIGH
Exploitability Score: 8.6
Impact Score: 10.0
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

CVSS 3 - Version: 3.0
CVSS 3 - Vector String: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 3 - Attack Vector: LOCAL
CVSS 3 - Attack Complexity: LOW
CVSS 3 - Privileges Required: NONE
CVSS 3 - User Interaction: REQUIRED
CVSS 3 - Scope: UNCHANGED
CVSS 3 - Confidentiality Impact: HIGH
CVSS 3 - Integrity Impact: HIGH
CVSS 3 - Availability Impact: HIGH
CVSS 3 - Base Score: 7.8
CVSS 3 - Base Severity: HIGH
Exploitability Score: 1.8
Base Severity: HIGH

Configurations

  • AND
    • OR - Configuration 1
      Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
      2.3 | Application | Microsoft | Malware Protection Engine | * | * | * | * | * | * | * | * | 1.1.14306.0
    • OR Running on/with:
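      Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
      2.3 | Application | Microsoft | Exchange Server | 2013 | * | * | * | * | * | * | *
      2.3 | Application | Microsoft | Exchange Server | 2016 | * | * | * | * | * | * | *
      2.3 | Application | Microsoft | Forefront Endpoint Protection 2010 | - | * | * | * | * | * | * | *
      2.3 | Application | Microsoft | Windows Defender | - | * | * | * | * | * | * | *
      2.3 | OS | Microsoft | Windows 10 | - | * | * | * | * | * | * | *
      2.3 | OS | Microsoft | Windows 10 | 1511 | * | * | * | * | * | * | *
      2.3 | OS | Microsoft | Windows 10 | 1607 | * | * | * | * | * | * | *
      2.3 | OS | Microsoft | Windows 10 | 1703 | * | * | * | * | * | * | *
      2.3 | OS | Microsoft | Windows 10 | 1709 | * | * | * | * | * | * | *
      2.3 | OS | Microsoft | Windows 7 | - | sp1 | * | * | * | * | * | *
      2.3 | OS | Microsoft | Windows 8.1 | - | * | * | * | * | * | * | *
      2.3 | OS | Microsoft | Windows Rt 8.1 | - | * | * | * | * | * | * | *
      2.3 | OS | Microsoft | Windows Server 2016 | - | * | * | * | * | * | * | *
      2.3 | OS | Microsoft | Windows Server 2016 | 1709 | * | * | * | * | * | * | *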

Vulnerable Software List

Vendor | Product | Versions
Microsoft | Malware Protection Engine | *

References

Name | Source | URL | Tags
102070 | BID | http://www.securityfocus.com/bid/102070 | Third Party Advisory, VDB Entry
1039972 | SECTRACK | http://www.securitytracker.com/id/1039972 | Third Party Advisory, VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11937 | CONFIRM | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11937 | PATCH, Vendor Advisory