Exploit for #VU6795 Improper input validation in Microsoft Server applications

Exploit for #VU6795 Improper input validation in Microsoft Server applications

Published: 2020-03-18

Vulnerability identifier: #VU6795

Vulnerability risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-8535

CWE-ID: CWE-20

Exploitation vector: Network

Exploits in database: 1

March 18, 2020
- Microsoft MsMpEng - Multiple Crashes While Scanning Malformed Files [Exploit-DB]

Impact: Denial of service

Vulnerable software:
Microsoft Malware Protection Engine
Client/Desktop applications / Antivirus software/Personal firewalls
Windows Defender
Client/Desktop applications / Antivirus software/Personal firewalls
Microsoft Security Essentials
Client/Desktop applications / Antivirus software/Personal firewalls
Microsoft Endpoint Protection
Client/Desktop applications / Antivirus software/Personal firewalls
Windows Intune Endpoint Protection
Client/Desktop applications / Antivirus software/Personal firewalls
Microsoft Forefront Endpoint Protection
Server applications / DLP, anti-spam, sniffers
Microsoft Exchange Server
Server applications / Mail servers

Vendor: Microsoft