HTTP: Windows Defender CVE-2018-0986 Remote Code Execution
This signature detects attempts to exploit a known vulnerability against Windows Defender. A successful attack can lead to arbitrary code execution.
Extended Description
A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability." This affects Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsoft Exchange Server, Microsoft System Center, Microsoft Forefront Endpoint Protection.
Affected Products
Microsoft system_center_endpoint_protection
References
BugTraq: 103593
CVE: CVE-2018-0986
URL: https://bugs.chromium.org/p/project-zero/issues/detail?id=1543&desc=2
Short Name
HTTP:STC:DL:CVE-2018-0986-RCE
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2018-0986 Code Defender Execution Remote Windows bid:103593
Release Date
04/11/2018
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3601
False Positive
Unknown
Vendors
Microsoft
CVSS Score
9.3