CVE-2017-8538

Current Description

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file, leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8540 and CVE-2017-8541.

Referenced by CVEs: CVE-2017-8540, CVE-2017-8541

Basic Data

Published: May 26, 2017
Last Modified: August 13, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-119
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 9.3
Severity: HIGH
Exploitability Score: 8.6
Impact Score: 10.0
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

CVSS 3 - Version: 3.0
CVSS 3 - Vector String: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 3 - Attack Vector: LOCAL
CVSS 3 - Attack Complexity: LOW
CVSS 3 - Privileges Required: NONE
CVSS 3 - User Interaction: REQUIRED
CVSS 3 - Scope: UNCHANGED
CVSS 3 - Confidentiality Impact: HIGH
CVSS 3 - Integrity Impact: HIGH
CVSS 3 - Availability Impact: HIGH
CVSS 3 - Base Score: 7.8
CVSS 3 - Base Severity: HIGH
Exploitability Score: 1.8
Base Severity: HIGH

Configurations

  • AND
    • OR - Configuration 1
      Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
      2.3 | Application | Microsoft | Forefront Security | - | * | * | * | * | * | * | * |  |  |  |
      2.3 | Application | Microsoft | Malware Protection Engine | * | * | * | * | * | * | * | * |  | 1.1.13704.0 |  |
      2.3 | Application | Microsoft | Windows Defender | - | * | * | * | * | * | * | * |  |  |  |
    • OR Running on/with:
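      Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
      2.3 | Application | Microsoft | Exchange Server | 2013 | * | * | * | * | * | * | * |  |  |  |
      2.3 | Application | Microsoft | Exchange Server | 2016 | * | * | * | * | * | * | * |  |  |  |
      2.3 | OS | Microsoft | Windows 10 | * | * | * | * | * | * | * | * |  |  |  |
      2.3 | OS | Microsoft | Windows 10 | 1511 | * | * | * | * | * | * | * |  |  |  |
      2.3 | OS | Microsoft | Windows 10 | 1607 | * | * | * | * | * | * | * |  |  |  |
      2.3 | OS | Microsoft | Windows 10 | 1703 | * | * | * | * | * | * | * |  |  |  |
      2.3 | OS | Microsoft | Windows 7 | - | sp1 | * | * | * | * | * | * |  |  |  |
      2.3 | OS | Microsoft | Windows 8.1 | * | * | * | * | * | * | * | * |  |  |  |
      2.3 | OS | Microsoft | Windows Rt 8.1 | - | * | * | * | * | * | * | * |  |  |  |
      2.3 | OS | Microsoft | Windows Server 2008 | - | sp2 | * | * | * | * | * | * |  |  |  |
      2.3 | OS | Microsoft | Windows Server 2008 | r2 | sp1 | * | * | * | * | * | * |  |  |  |
      2.3 | OS | Microsoft | Windows Server 2012 | - | * | * | * | * | * | * | * |  |  |  |
      2.3 | OS | Microsoft | Windows Server 2012 | r2 | * | * | * | * | * | * | * |  |  |  |
      2.3 | OS | Microsoft | Windows Server 2016 | - | * | * | * | * | * | * | * |  |  |  |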

Vulnerable Software List

Vendor | Product | Versions
Microsoft | Forefront Security | -
Microsoft | Malware Protection Engine | *
Microsoft | Windows Defender | -

References

Name | Source | URL | Tags
98706 | BID | http://www.securityfocus.com/bid/98706 | Third Party Advisory, VDB Entry
1038571 | SECTRACK | http://www.securitytracker.com/id/1038571 |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8538 | CONFIRM | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8538 | Vendor Advisory
42081 | EXPLOIT-DB | https://www.exploit-db.com/exploits/42081/ |