#VU6803 Improper input validation in Microsoft products - CVE-2017-8542
Published: May 30, 2017
Vulnerability identifier: #VU6803
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-8542
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Microsoft Malware Protection Engine
Windows Defender
Microsoft Security Essentials
Microsoft Endpoint Protection
Windows Intune Endpoint Protection
Microsoft Forefront Endpoint Protection
Microsoft Exchange Server
Microsoft Malware Protection Engine
Windows Defender
Microsoft Security Essentials
Microsoft Endpoint Protection
Windows Intune Endpoint Protection
Microsoft Forefront Endpoint Protection
Microsoft Exchange Server
Software vendor:
Microsoft
Microsoft
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error when processing specially crafted files within Microsoft Malware Protection Engine (mpengine.dll). A remote attacker can create a specially crafted file, pass it to the affected application and trigger a scan timeout.
Successful exploitation of the vulnerability may allow an attacker to disable anti-malware protection on the system until the affected service is restarted.
Remediation
Update Microsoft Malware Protection Engine (mpengine.dll) to version 1.1.13804.0.