CVE-2017-8542
MEDIUMMicrosoft Malware Protection Engine < 1.1.13704.0 - Denial of Service via Crafted File Scan
Title source: llmDescription
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8539.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8542
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/98707
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1038571
Scores
CVSS v3
5.5
EPSS
0.1918
EPSS Percentile
95.4%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-119
CWE-369
CWE-476
CWE-674
Status
published
Products (4)
microsoft/forefront_security
microsoft/malware_protection_engine
< 1.1.13704.0
microsoft/windows_defender
Microsoft Corporation/Malware Protection
Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows
Published
May 26, 2017
Tracked Since
Feb 18, 2026