漏洞类别:Local
漏洞等级: 
漏洞信息
The Microsoft Malware Protection Engine is a part of several Microsoft antimalware products.
A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption.
Affected Versions / Software:
Microsoft Malware Protection Engine version prior to 1.1.14405.2 running on Microsoft Forefront Endpoint Protection 2010, Microsoft Endpoint Protection, Microsoft Security Essentials and Windows Defender
QID Detection Logic (Authenticated):
The authenticated check looks for the version of "mpengine.dll" file.
漏洞危害
An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system.
解决方案
Users are advised to check CVE-2017-11937 for more information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Micrisoft CVE-2017-11937: Windows (Microsoft Malware Protection Engine)
0daybank
文章评论