FKIE_CVE-2017-8540

Vulnerability from fkie_nvd - Published: 2017-05-26 20:29 - Updated: 2025-10-22 00:16
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8538 and CVE-2017-8541.
References
secure@microsoft.comhttp://www.securityfocus.com/bid/98703Broken Link, Third Party Advisory, VDB Entry
secure@microsoft.comhttp://www.securitytracker.com/id/1038571Broken Link, Third Party Advisory, VDB Entry
secure@microsoft.comhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8540Mitigation, Patch, Vendor Advisory
secure@microsoft.comhttps://www.exploit-db.com/exploits/42088/Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/98703Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038571Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8540Mitigation, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/42088/Exploit, Third Party Advisory, VDB Entry
134c704f-9b21-4f2e-91b3-4a467353bcc0https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-8540
Impacted products
Vendor Product Version
microsoft malware_protection_engine *
microsoft windows_10_1507 -
microsoft windows_10_1511 -
microsoft windows_10_1607 -
microsoft windows_10_1703 -
microsoft windows_7 -
microsoft windows_8.1 -
microsoft windows_rt_8.1 -
microsoft windows_server_2008 -
microsoft windows_server_2008 r2
microsoft windows_server_2012 -
microsoft windows_server_2012 r2
microsoft windows_server_2016 -
microsoft endpoint_protection -
microsoft exchange_server 2013
microsoft exchange_server 2016
microsoft forefront_endpoint_protection -
microsoft forefront_endpoint_protection 2010
microsoft forefront_security -
microsoft intune_endpoint_protection -
microsoft security_essentials -
microsoft system_center_endpoint_protection -
microsoft windows_defender -
To clipboard 

{
  "cisaActionDue": "2022-03-24",
  "cisaExploitAdd": "2022-03-03",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:malware_protection_engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "232A1DC9-D943-407F-B82C-3D7522E19A18",
              "versionEndExcluding": "1.1.13704.0",
              "versionStartIncluding": "1.1.13701.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "542DAEEC-73CC-46C6-A630-BF474A3446AC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_1511:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A8E9D99-BD78-4340-88F2-5AFF27AC37C9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "61019899-D7AF-46E4-A72C-D189180F66AB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1DD582C-1660-4E6E-81A1-537BD1307A99",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:endpoint_protection:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC297F51-9742-43A2-8783-53B7E4D5E435",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2013:-:*:*:*:*:*:*",
              "matchCriteriaId": "27EF8DB7-D5A0-47A8-9F69-7D0259490D69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:-:*:*:*:*:*:*",
              "matchCriteriaId": "8039FBA1-73D4-4FF2-B183-0DCC961CBFF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:forefront_endpoint_protection:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC9503E8-6282-4F3A-A6DA-0FA8A9BD941B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:forefront_endpoint_protection:2010:*:*:*:*:*:*:*",
              "matchCriteriaId": "E55E0DDF-4D05-4E5F-BC54-790A722E87A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:forefront_security:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB6F1182-AC87-4A8E-841D-25C94DD7116A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:intune_endpoint_protection:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFC8E84F-EEC0-4803-9779-8A49658F2180",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:security_essentials:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "20FBA682-B703-4590-98E4-8897EED11DE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system_center_endpoint_protection:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "194DE421-9536-4001-9A27-6C88805421EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:windows_defender:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "794244D1-F317-44C8-8338-3DA74E71D4B0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka \"Microsoft Malware Protection Engine Remote Code Execution Vulnerability\", a different vulnerability than CVE-2017-8538 and CVE-2017-8541."
    },
    {
      "lang": "es",
      "value": "El Motor de Protecci\u00f3n de Malware de Microsoft ejecutado en Microsoft Forefront y Microsoft Defender en Microsoft Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows versi\u00f3n 8.1, Windows Server 2012 versi\u00f3n Gold y R2, Windows RT versi\u00f3n 8.1, Windows 10 versiones Gold, 1511, 1607 y 1703 y Windows Server 2016, Microsoft Exchange Server 2013 y 2016, no analiza apropiadamente un archivo especialmente dise\u00f1ado conllevando a una corrupci\u00f3n de memoria. tambi\u00e9n se conoce como \"Microsoft Malware Protection Engine Remote Code Execution Vulnerability\", una vulnerabilidad diferente de CVE-2017-8538 y CVE-2017-8541."
    }
  ],
  "id": "CVE-2017-8540",
  "lastModified": "2025-10-22T00:16:11.893",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2017-05-26T20:29:00.427",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98703"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038571"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Mitigation",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8540"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/42088/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98703"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038571"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8540"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/42088/"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-8540"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.