CVE-2017-8535

MEDIUM

Microsoft Windows Defender - Divide By Zero

Title source: rule

Description

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8536, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Google Security Research · textdoswindows

https://www.exploit-db.com/exploits/42081

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/98702

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1038571

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8535

[Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/42081/

Scores

CVSS v3 5.5

EPSS 0.0495

EPSS Percentile 89.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE

CWE-119 CWE-674 CWE-369 CWE-476

Status draft

Affected Products (9)

microsoft/windows_defender

microsoft/endpoint_protection

microsoft/exchange_server

microsoft/exchange_server

microsoft/forefront_endpoint_protection

microsoft/forefront_endpoint_protection

microsoft/security_essentials

microsoft/system_center_endpoint_protection

microsoft/windows_intune_endpoint_protection

Timeline

Published May 26, 2017

Tracked Since Feb 18, 2026