HTTP: Microsoft Malware Protection Engine Remote Code Execution Vulnerability

The Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption.

Extended Description

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 does not properly scan a specially crafted file, leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability."

References

CVE: CVE-2017-0290

Short Name: HTTP:STC:CVE-2017-0290-RCE
Severity: Critical
Recommended: False
Recommended Action: Drop
Category: HTTP
Keywords: CVE-2017-0290 Code Engine Execution Malware Microsoft Protection Remote Vulnerability
Release Date: 05/16/2017

Supported Platforms

srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
srx-branch-12.3
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx-12.3
vmx-19.3
srx-12.3

Sigpack Version: 3415
False Positive: Unknown
CVSS Score: 9.3
