Main
Vulnerability Database
Exploits
ID:1220 - Exploit for Improper input validation in Microsoft products - CVE-2017-8537
ID:1220 - Exploit for Improper input validation in Microsoft products - CVE-2017-8537
Published: March 18, 2020
Vulnerability identifier: #VU6797
Vulnerability risk: Medium
CVE-ID: CVE-2017-8537
CWE-ID: CWE-20
Exploitation vector: Remote access
Vulnerable software:
Microsoft Malware Protection Engine
Windows Defender
Microsoft Security Essentials
Microsoft Forefront Endpoint Protection
Microsoft Endpoint Protection
Microsoft Exchange Server
Windows Intune Endpoint Protection
Microsoft Malware Protection Engine
Windows Defender
Microsoft Security Essentials
Microsoft Forefront Endpoint Protection
Microsoft Endpoint Protection
Microsoft Exchange Server
Windows Intune Endpoint Protection
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error when processing specially crafted files within Microsoft Malware Protection Engine (mpengine.dll). A remote attacker can create a specially crafted file, pass it to the affected application and trigger a scan timeout.
Successful exploitation of the vulnerability may allow an attacker to disable anti-malware protection on the system until the affected service is restarted.
Remediation
Update Microsoft Malware Protection Engine (mpengine.dll) to version 1.1.13804.0.