Description
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8536, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Google Security Research · textdoswindows
https://www.exploit-db.com/exploits/42081
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/42081/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/98702
Patch, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8535
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1038571
Scores
CVSS v3
5.5
EPSS
0.0495
EPSS Percentile
89.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-119
CWE-674
CWE-369
CWE-476
Status
published
Products (10)
microsoft/endpoint_protection
microsoft/exchange_server
2013
microsoft/exchange_server
2016
microsoft/forefront_endpoint_protection
microsoft/forefront_endpoint_protection
2010
microsoft/security_essentials
microsoft/system_center_endpoint_protection
microsoft/windows_defender
microsoft/windows_intune_endpoint_protection
Microsoft Corporation/Malware Protection Engine
Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows
Published
May 26, 2017
Tracked Since
Feb 18, 2026