CVE-2018-0986

HIGH EXPLOITED RANSOMWARE

Microsoft Exchange Server - Out-of-Bounds Write

Title source: rule

Description

A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability." This affects Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsoft Exchange Server, Microsoft System Center, Microsoft Forefront Endpoint Protection.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdoswindows

https://www.exploit-db.com/exploits/44402

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/103593

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1040631

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0986

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/44402/

Scores

CVSS v3 8.8

EPSS 0.7537

EPSS Percentile 98.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2020-02-25

Ransomware Use Confirmed

CWE

CWE-787

Status published

Products (8)

microsoft/exchange_server 2013

microsoft/exchange_server 2016

microsoft/forefront_endpoint_protection_2010

microsoft/intune_endpoint_protection

microsoft/security_essentials

microsoft/system_center_endpoint_protection

microsoft/system_center_endpoint_protection 2012 (2 CPE variants)

microsoft/windows_defender

Published Apr 04, 2018

Tracked Since Feb 18, 2026