CVE-2017-11940
7.8
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD
Description
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to remote code execution. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability". This is different than CVE-2017-11937.
Affected (1)
Products: Microsoft: Malware Protection Engine
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.1.14306.0 |
| Running on/with | Platform Versions |
|---|---|
Microsoft Exchange Server | Version 2013 |
Microsoft Forefront Endpoint Protection 2010 | All versions |
Microsoft Windows 10 | All versions |
Microsoft Windows 7 | All versions |
Microsoft Windows 8.1 | All versions |
Microsoft Windows Defender | All versions |
Microsoft Windows Rt 8.1 | All versions |
Microsoft Windows Server 2016 | All versions |
References (6)
Source: secure@microsoft.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Timeline
No history available yet.