#VU6796 Improper input validation in Microsoft products - CVE-2017-8536
Published: May 30, 2017 / Updated: September 14, 2018
Vulnerability identifier: #VU6796
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2017-8536
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
Microsoft Malware Protection Engine
Windows Defender
Microsoft Security Essentials
Microsoft Endpoint Protection
Windows Intune Endpoint Protection
Microsoft Forefront Endpoint Protection
Microsoft Exchange Server
Microsoft Malware Protection Engine
Windows Defender
Microsoft Security Essentials
Microsoft Endpoint Protection
Windows Intune Endpoint Protection
Microsoft Forefront Endpoint Protection
Microsoft Exchange Server
Software vendor:
Microsoft
Microsoft
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error when processing specially crafted files within Microsoft Malware Protection Engine (mpengine.dll). A remote attacker can create a specially crafted file, pass it to the affected application and trigger a scan timeout.
Successful exploitation of the vulnerability may allow an attacker to disable anti-malware protection on the system until the affected service is restarted.
Remediation
Update Microsoft Malware Protection Engine (mpengine.dll) to version 1.1.13804.0.