CVE-2017-8540
Summary
| CVE | CVE-2017-8540 |
|---|---|
| State | PUBLISHED |
| Assigner | microsoft |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-05-26 20:29:00 UTC |
| Updated | 2026-04-22 13:47:56 UTC |
| Description | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8538 and CVE-2017-8541. |
Risk And Classification
Primary CVSS: v3.1 7.8 HIGH from [email protected]
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.846130000 probability, percentile 0.993370000 (date 2026-04-22)
CISA KEV: Listed on 2022-03-03; due 2022-03-24; ransomware use Unknown
Problem Types: CWE-787 | Remote Code Execution | CWE-787 CWE-787 Out-of-bounds Write
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Primary | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| 3.1 | ADP | DECLARED | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| 3.1 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| 2.0 | [email protected] | Primary | 9.3 | AV:N/AC:M/Au:N/C:C/I:C/A:C |
CVSS v3.1 Breakdown
Attack Vector
LocalAttack Complexity
LowPrivileges Required
NoneUser Interaction
RequiredScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
CompleteIntegrity
CompleteAvailability
CompleteAV:N/AC:M/Au:N/C:C/I:C/A:C
CISA Known Exploited Vulnerability
| Vendor | Microsoft |
|---|---|
| Product | Malware Protection Engine |
| Name | Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability |
| Required Action | Apply updates per vendor instructions. |
| Notes | https://nvd.nist.gov/vuln/detail/CVE-2017-8540 |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Microsoft | Endpoint Protection | - | All | All | All |
| Application | Microsoft | Exchange Server | 2013 | - | All | All |
| Application | Microsoft | Exchange Server | 2016 | - | All | All |
| Application | Microsoft | Forefront Endpoint Protection | - | All | All | All |
| Application | Microsoft | Forefront Endpoint Protection | 2010 | All | All | All |
| Application | Microsoft | Forefront Security | - | All | All | All |
| Application | Microsoft | Intune Endpoint Protection | - | All | All | All |
| Application | Microsoft | Malware Protection Engine | All | All | All | All |
| Application | Microsoft | Security Essentials | - | All | All | All |
| Application | Microsoft | System Center Endpoint Protection | - | All | All | All |
| Operating System | Microsoft | Windows 10 1507 | - | All | All | All |
| Operating System | Microsoft | Windows 10 1511 | - | All | All | All |
| Operating System | Microsoft | Windows 10 1607 | - | All | All | All |
| Operating System | Microsoft | Windows 10 1703 | - | All | All | All |
| Operating System | Microsoft | Windows 7 | - | sp1 | All | All |
| Operating System | Microsoft | Windows 8.1 | - | All | All | All |
| Application | Microsoft | Windows Defender | - | All | All | All |
| Operating System | Microsoft | Windows Rt 8.1 | - | All | All | All |
| Operating System | Microsoft | Windows Server 2008 | - | sp2 | All | All |
| Operating System | Microsoft | Windows Server 2008 | r2 | sp1 | All | All |
| Operating System | Microsoft | Windows Server 2012 | - | All | All | All |
| Operating System | Microsoft | Windows Server 2012 | r2 | All | All | All |
| Operating System | Microsoft | Windows Server 2016 | - | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Microsoft Corporation | Malware Protection Engine | affected Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016. | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| {{windowTitle}} | af854a3a-2127-422b-91ae-364da2661108 | portal.msrc.microsoft.com | Mitigation, Patch, Vendor Advisory |
| www.cisa.gov/known-exploited-vulnerabilities-catalog | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | www.cisa.gov | US Government Resource |
| Microsoft MsMpEng - Remote Use-After-Free Due to Design Issue in GC Engine - Windows dos Exploit | af854a3a-2127-422b-91ae-364da2661108 | www.exploit-db.com | Exploit, Third Party Advisory, VDB Entry |
| Microsoft Malware Protection Engine CVE-2017-8540 Remote Code Execution Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Broken Link, Third Party Advisory, VDB Entry |
| Microsoft Malware Protection Engine File Processing Flaws Let Remote Users Deny Service and Execute Arbitrary Code - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Broken Link, Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
| CISA Known Exploited Vulnerabilities catalog | CISA | www.cisa.gov | kev |
No vendor comments have been submitted for this CVE.
Additional Advisory Data
| Source | Time | Event |
|---|---|---|
| ADP | 2022-03-03T00:00:00.000Z | CVE-2017-8540 added to CISA KEV |
There are currently no legacy QID mappings associated with this CVE.