Описание
Multiple serious vulnerabilities have been found in Microsoft Malware Protection Engine. Malicious users can exploit these vulnerabilities to cause a denial of service and execute arbitrary code.
Below is a complete list of vulnerabilities:
- Multiple vulnerabilities related to an improper scanning leading to scan timeout can be exploited remotely via a specially designed file to cause a denial of service;
- Multiple vulnerabilities related to an improper scanning leading to memory corruption can be exploited remotely via a specially designed file to execute arbitrary code.
Technical details
To exploit all vulnerabilities, an attacker has to put a specially designed file to a directory scanned by the Microsoft Malware Protection Engine. It can be done via a website when it is being viewed by a user, via email message or an Instant Messenger message or a shared location.
Первичный источник обнаружения
- CVE-2017-8540
CVE-2017-8539
CVE-2017-8538
CVE-2017-8542
CVE-2017-8535
CVE-2017-8541
CVE-2017-8537
CVE-2017-8536
CVE-2017-8542
CVE-2017-8541
CVE-2017-8540
CVE-2017-8539
CVE-2017-8538
CVE-2017-8537
CVE-2017-8536
CVE-2017-8535
Эксплуатация
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Связанные продукты
- Microsoft-Windows-7
- Microsoft-Windows-Server-2008
- Windows-RT
- Microsoft-Exchange-Server
- Microsoft-Windows-10
Список CVE
- CVE-2017-8542 high
- CVE-2017-8541 critical
- CVE-2017-8540 critical
- CVE-2017-8539 high
- CVE-2017-8538 critical
- CVE-2017-8537 high
- CVE-2017-8536 high
- CVE-2017-8535 high
Список KB
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com