CVE-2017-0290

HIGH

Microsoft Forefront Security < 1.1.13701.0 - Memory Corruption

Title source: rule

Description

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 does not properly scan a specially crafted file leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability."

Exploits (4)

exploitdb WORKING POC VERIFIED
by Google Security Research · textremotewindows
https://www.exploit-db.com/exploits/41975
github WRITEUP 3,480 stars
by qazbnm456 · poc
https://github.com/qazbnm456/awesome-cve-poc/tree/master/CVE-2017-0290.md
github WRITEUP 14 stars
by xbl3 · poc
https://github.com/xbl3/awesome-cve-poc_qazbnm456/tree/master/CVE-2017-0290.md
nomisec SUSPICIOUS
by homjxi0e · poc
https://github.com/homjxi0e/CVE-2017-0290-

References (10)

Scores

CVSS v3 7.8
EPSS 0.8821
EPSS Percentile 99.5%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (4)
microsoft/forefront_security
microsoft/malware_protection_engine < 1.1.13701.0
microsoft/windows_defender
Microsoft Corporation/Microsoft Malware Protection Engine Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows
Published May 09, 2017
Tracked Since Feb 18, 2026