HTTP: Microsoft Windows Defender CVE-2017-11937 Heap Overflow

This signature attempts to block exploitation of a heap buffer overflow vulnerability in Windows Defender. Successful exploitation of this vulnerability can achieve remote code execution.

Extended Description

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to remote code execution. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability".

References

CVE: CVE-2017-11937

Short Name
HTTP:STC:CVE-2017-11937-HOF
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2017-11937 Defender Heap Microsoft Overflow Windows
Release Date
12/12/2017
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3

Sigpack Version
3717
False Positive
Unknown
CVSS Score
9.3