Description
Multiple serious vulnerabilities have been found in Microsoft Malware Protection Engine. Malicious users can exploit these vulnerabilities to cause a denial of service and execute arbitrary code.
Below is a complete list of vulnerabilities:
- Multiple vulnerabilities related to an improper scanning leading to scan timeout can be exploited remotely via a specially designed file to cause a denial of service;
- Multiple vulnerabilities related to an improper scanning leading to memory corruption can be exploited remotely via a specially designed file to execute arbitrary code.
Technical details
To exploit all vulnerabilities, an attacker has to put a specially designed file to a directory scanned by the Microsoft Malware Protection Engine. It can be done via a website when it is being viewed by a user, via email message or an Instant Messenger message or a shared location.
Original advisories
- CVE-2017-8539
- CVE-2017-8538
- CVE-2017-8542
- CVE-2017-8535
- CVE-2017-8541
- CVE-2017-8537
- CVE-2017-8536
- CVE-2017-8542
- CVE-2017-8541
- CVE-2017-8540
- CVE-2017-8539
- CVE-2017-8538
- CVE-2017-8537
- CVE-2017-8536
- CVE-2017-8535
Exploitation
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Related products
- Microsoft-Windows-7
- Microsoft-Windows-Server-2008
- Windows-RT
- Microsoft-Exchange-Server
- Microsoft-Windows-10
CVE list
- CVE-2017-8542 high
- CVE-2017-8541 critical
- CVE-2017-8540 critical
- CVE-2017-8539 high
- CVE-2017-8538 critical
- CVE-2017-8537 high
- CVE-2017-8536 high
- CVE-2017-8535 high
KB list
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com