cnvd - cnvd-2018-07296

CNVD-2018-07296

Vulnerability from cnvd - Published: 2018-04-10

Title

Microsoft Malware Protection Engine远程代码执行漏洞（CNVD-2018-07296）

Description

Microsoft Malware Protection Engine是恶意程序保护引擎。 Microsoft Malware Protection Engine存在远程代码执行漏洞，攻击者可利用漏洞在受影响的系统环境中执行任意代码。

Severity

高

Patch Name

Microsoft Malware Protection Engine远程代码执行漏洞（CNVD-2018-07296）的补丁

Patch Description

Microsoft Malware Protection Engine是恶意程序保护引擎。 Microsoft Malware Protection Engine存在远程代码执行漏洞，攻击者可利用漏洞在受影响的系统环境中执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0986

Reference

https://securitytracker.com/id/1040631 https://www.securityfocus.com/bid/103593

Impacted products

Name
['Microsoft Forefront Endpoint Protection 2010', 'Microsoft Security Essentials', 'Microsoft Windows Defender', 'Microsoft Exchange Server 2016', 'Microsoft Windows Intune Endpoint Protection 0', 'Microsoft Exchange Server 2013']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-0986"
    }
  },
  "description": "Microsoft Malware Protection Engine\u662f\u6076\u610f\u7a0b\u5e8f\u4fdd\u62a4\u5f15\u64ce\u3002\r\n\r\nMicrosoft Malware Protection Engine\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u7684\u7cfb\u7edf\u73af\u5883\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Thomas Dullien of Google Project Zero",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0986",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-07296",
  "openTime": "2018-04-10",
  "patchDescription": "Microsoft Malware Protection Engine\u662f\u6076\u610f\u7a0b\u5e8f\u4fdd\u62a4\u5f15\u64ce\u3002\r\n\r\nMicrosoft Malware Protection Engine\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u7684\u7cfb\u7edf\u73af\u5883\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Malware Protection Engine\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2018-07296\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Forefront Endpoint Protection 2010",
      "Microsoft Security Essentials",
      "Microsoft Windows Defender",
      "Microsoft Exchange Server 2016",
      "Microsoft Windows Intune Endpoint Protection 0",
      "Microsoft Exchange Server 2013"
    ]
  },
  "referenceLink": "https://securitytracker.com/id/1040631\r\nhttps://www.securityfocus.com/bid/103593",
  "serverity": "\u9ad8",
  "submitTime": "2018-04-08",
  "title": "Microsoft Malware Protection Engine\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2018-07296\uff09"
}

CVE-2018-0986 (GCVE-0-2018-0986)

Vulnerability from cvelistv5 – Published: 2018-04-04 17:00 – Updated: 2024-08-05 03:44

Summary

A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability." This affects Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsoft Exchange Server, Microsoft System Center, Microsoft Forefront Endpoint Protection.

Severity ?

No CVSS data available.

CWE

Remote Code Execution

Assigner

microsoft

References

URL

Tags

	http://www.securitytracker.com/id/1040631	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/103593	vdb-entryx_refsource_BID
	https://portal.msrc.microsoft.com/en-US/security-…	x_refsource_CONFIRM
	https://www.exploit-db.com/exploits/44402/	exploitx_refsource_EXPLOIT-DB

Impacted products

Vendor

Product

Version

Microsoft

Windows Defender

Affected: Windows 10 for 32-bit Systems
Affected: Windows 10 for x64-based Systems
Affected: Windows 10 Version 1511 for 32-bit Systems
Affected: Windows 10 Version 1511 for x64-based Systems
Affected: Windows 10 Version 1607 for 32-bit Systems
Affected: Windows 10 Version 1607 for x64-based Systems
Affected: Windows 10 Version 1703 for 32-bit Systems
Affected: Windows 10 Version 1703 for x64-based Systems
Affected: Windows 10 Version 1709 for 32-bit Systems
Affected: Windows 10 Version 1709 for x64-based Systems
Affected: Windows 7 for 32-bit Systems Service Pack 1
Affected: Windows 7 for x64-based Systems Service Pack 1
Affected: Windows 8.1 for 32-bit systems
Affected: Windows 8.1 for x64-based systems
Affected: Windows RT 8.1
Affected: Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Affected: Windows Server 2008 R2 for x64-based Systems Service Pack 1
Affected: Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Affected: Windows Server 2012
Affected: Windows Server 2012 (Server Core installation)
Affected: Windows Server 2012 R2
Affected: Windows Server 2012 R2 (Server Core installation)
Affected: Windows Server 2016
Affected: Windows Server 2016 (Server Core installation)
Affected: Windows Server, version 1709 (Server Core Installation)

Microsoft	Windows Intune Endpoint Protection	Affected: Windows Intune Endpoint Protection
Microsoft	Microsoft Security Essentials	Affected: Microsoft Security Essentials
Microsoft	Microsoft System Center Endpoint Protection	Affected: Microsoft System Center Endpoint Protection
Microsoft	Microsoft Exchange Server	Affected: 2013 Affected: 2016
Microsoft	Microsoft System Center	Affected: 2012 Endpoint Protection Affected: 2012 R2 Endpoint Protection
Microsoft	Microsoft Forefront Endpoint Protection	Affected: 2010

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:44:11.806Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1040631",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040631"
          },
          {
            "name": "103593",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103593"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0986"
          },
          {
            "name": "44402",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/44402/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Windows Defender",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Windows 10 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1511 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1511 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1607 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1607 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1703 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1703 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1709 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1709 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "Windows 7 for 32-bit Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "Windows 7 for x64-based Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "Windows 8.1 for 32-bit systems"
            },
            {
              "status": "affected",
              "version": "Windows 8.1 for x64-based systems"
            },
            {
              "status": "affected",
              "version": "Windows RT 8.1"
            },
            {
              "status": "affected",
              "version": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
            },
            {
              "status": "affected",
              "version": "Windows Server 2012"
            },
            {
              "status": "affected",
              "version": "Windows Server 2012 (Server Core installation)"
            },
            {
              "status": "affected",
              "version": "Windows Server 2012 R2"
            },
            {
              "status": "affected",
              "version": "Windows Server 2012 R2 (Server Core installation)"
            },
            {
              "status": "affected",
              "version": "Windows Server 2016"
            },
            {
              "status": "affected",
              "version": "Windows Server 2016  (Server Core installation)"
            },
            {
              "status": "affected",
              "version": "Windows Server, version 1709  (Server Core Installation)"
            }
          ]
        },
        {
          "product": "Windows Intune Endpoint Protection",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Windows Intune Endpoint Protection"
            }
          ]
        },
        {
          "product": "Microsoft Security Essentials",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Microsoft Security Essentials"
            }
          ]
        },
        {
          "product": "Microsoft System Center Endpoint Protection",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Microsoft System Center Endpoint Protection"
            }
          ]
        },
        {
          "product": "Microsoft Exchange Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2013"
            },
            {
              "status": "affected",
              "version": "2016"
            }
          ]
        },
        {
          "product": "Microsoft System Center",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2012 Endpoint Protection"
            },
            {
              "status": "affected",
              "version": "2012 R2 Endpoint Protection"
            }
          ]
        },
        {
          "product": "Microsoft Forefront Endpoint Protection",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2010"
            }
          ]
        }
      ],
      "datePublic": "2018-04-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption, aka \"Microsoft Malware Protection Engine Remote Code Execution Vulnerability.\" This affects Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsoft Exchange Server, Microsoft System Center, Microsoft Forefront Endpoint Protection."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-12T00:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1040631",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040631"
        },
        {
          "name": "103593",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103593"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0986"
        },
        {
          "name": "44402",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/44402/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2018-0986",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Windows Defender",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Windows 10 for 32-bit Systems"
                          },
                          {
                            "version_value": "Windows 10 for x64-based Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1511 for 32-bit Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1511 for x64-based Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1607 for 32-bit Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1607 for x64-based Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1703 for 32-bit Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1703 for x64-based Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1709 for 32-bit Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1709 for x64-based Systems"
                          },
                          {
                            "version_value": "Windows 7 for 32-bit Systems Service Pack 1"
                          },
                          {
                            "version_value": "Windows 7 for x64-based Systems Service Pack 1"
                          },
                          {
                            "version_value": "Windows 8.1 for 32-bit systems"
                          },
                          {
                            "version_value": "Windows 8.1 for x64-based systems"
                          },
                          {
                            "version_value": "Windows RT 8.1"
                          },
                          {
                            "version_value": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1"
                          },
                          {
                            "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
                          },
                          {
                            "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
                          },
                          {
                            "version_value": "Windows Server 2012"
                          },
                          {
                            "version_value": "Windows Server 2012 (Server Core installation)"
                          },
                          {
                            "version_value": "Windows Server 2012 R2"
                          },
                          {
                            "version_value": "Windows Server 2012 R2 (Server Core installation)"
                          },
                          {
                            "version_value": "Windows Server 2016"
                          },
                          {
                            "version_value": "Windows Server 2016  (Server Core installation)"
                          },
                          {
                            "version_value": "Windows Server, version 1709  (Server Core Installation)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows Intune Endpoint Protection",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Windows Intune Endpoint Protection"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Security Essentials",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Microsoft Security Essentials"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft System Center Endpoint Protection",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Microsoft System Center Endpoint Protection"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Exchange Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2013"
                          },
                          {
                            "version_value": "2016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft System Center",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2012 Endpoint Protection"
                          },
                          {
                            "version_value": "2012 R2 Endpoint Protection"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Forefront Endpoint Protection",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2010"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption, aka \"Microsoft Malware Protection Engine Remote Code Execution Vulnerability.\" This affects Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsoft Exchange Server, Microsoft System Center, Microsoft Forefront Endpoint Protection."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1040631",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040631"
            },
            {
              "name": "103593",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103593"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0986",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0986"
            },
            {
              "name": "44402",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/44402/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2018-0986",
    "datePublished": "2018-04-04T17:00:00",
    "dateReserved": "2017-12-01T00:00:00",
    "dateUpdated": "2024-08-05T03:44:11.806Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-07296

CVE-2018-0986 (GCVE-0-2018-0986)

Tags

Sightings

Nomenclature