CVE-2017-8540

Known Exploited Vulnerability Entry External Catalog

Back to Catalog View Vulnerability
Entry Details

CVE-2017-8540

Confirmed

Yes

2022-03-03 00:00 UTC

Timestamps

2022-03-03

2022-03-03

Scope

KEV entry: Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability | Affected: Microsoft / Malware Protection Engine | Description: The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability". | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-8540

References
  • {'id': 'CVE-2017-8540', 'url': 'https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-8540'}

ba7410db-27e0-4375-abfc-5950b95c58cd

405284c2-e461-4670-8979-7fd2c9755a60

2026-02-02 12:28 UTC

2026-02-06 07:17 UTC

Evidence (1)
Type Source Signal Confidence Details GCVE Metadata
vendor_report cisa-kev successful_exploitation 0.80
View details 
{
  "cwes": [
    "CWE-119"
  ],
  "date_added": "2022-03-03",
  "due_date": "2022-03-24",
  "feed": "CISA Known Exploited Vulnerabilities Catalog",
  "knownRansomwareCampaignUse": "Unknown",
  "product": "Malware Protection Engine",
  "vendorProject": "Microsoft",
  "vulnerabilityName": "Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability"
}
 -
Export Options
JSON Object JSON API View Full Catalog