← Volver a CVEs
CVE-2017-8540
HIGHCISA KEV7.8
Descripcion
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8538 and CVE-2017-8541.
Detalles CVE
Puntuacion CVSS v3.17.8
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vector de ataqueLOCAL
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioREQUIRED
Publicado5/26/2017
Ultima modificacion4/22/2026
Fuentekev
Avistamientos honeypot0
CISA KEV
VendedorMicrosoft
ProductoMalware Protection Engine
Nombre vulnerabilidadMicrosoft Malware Protection Engine Improper Restriction of Operations Vulnerability
Fecha inclusion KEV2022-03-03
Fecha limite remediacion2022-03-24
Uso en ransomwareUnknown
Productos afectados
microsoft:endpoint_protectionmicrosoft:exchange_servermicrosoft:forefront_endpoint_protectionmicrosoft:forefront_securitymicrosoft:intune_endpoint_protectionmicrosoft:malware_protection_enginemicrosoft:security_essentialsmicrosoft:system_center_endpoint_protectionmicrosoft:windows_10_1507microsoft:windows_10_1511microsoft:windows_10_1607microsoft:windows_10_1703microsoft:windows_7microsoft:windows_8.1microsoft:windows_defendermicrosoft:windows_rt_8.1microsoft:windows_server_2008microsoft:windows_server_2012microsoft:windows_server_2016
Debilidades (CWE)
CWE-787CWE-787
Referencias
http://www.securityfocus.com/bid/98703(secure@microsoft.com)
http://www.securitytracker.com/id/1038571(secure@microsoft.com)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8540(secure@microsoft.com)
https://www.exploit-db.com/exploits/42088/(secure@microsoft.com)
http://www.securityfocus.com/bid/98703(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1038571(af854a3a-2127-422b-91ae-364da2661108)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8540(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/42088/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-8540(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.