CVE-2017-8540

CVE Database · CVE-2017-8540

CVE-2017-8540

· HIGHAnalyzed

CVSS v3.1

7.8

EPSS

71.96%

Published

May 26, 2017

Modified

Apr 22, 2026

CISA Known Exploited Vulnerability

Added: 2022-03-03 · Due: 2022-03-24

Apply updates per vendor instructions.

Public PoC / Exploit (2)

All weaponized →

Exploit-DBMicrosoft MsMpEng - Remote Use-After-Free Due to Design Issue in GC Engine TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8538 and CVE-2017-8541.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-787CWE-787

Affected Products (23)

microsoft · malware_protection_engine (up to 1.1.13704.0)vulnerable

microsoft · windows_10_1507

microsoft · windows_10_1511

microsoft · windows_10_1607

microsoft · windows_10_1703

microsoft · windows_7

microsoft · windows_8.1