cvelistv5 - cve-2017-0290

CVE-2017-0290 (GCVE-0-2017-0290)

Vulnerability from cvelistv5

Published

2017-05-09 06:03

Modified

2024-08-05 13:03

Severity ?

CWE

Remote Code Execution

Summary

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 does not properly scan a specially crafted file leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability."

References

URL

Tags

secure@microsoft.com	http://www.securityfocus.com/bid/98330	Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.securitytracker.com/id/1038419
secure@microsoft.com	http://www.securitytracker.com/id/1038420
secure@microsoft.com	https://0patch.blogspot.si/2017/05/0patching-worst-windows-remote-code.html
secure@microsoft.com	https://arstechnica.com/information-technology/2017/05/windows-defender-nscript-remote-vulnerability/	Press/Media Coverage, Third Party Advisory
secure@microsoft.com	https://bugs.chromium.org/p/project-zero/issues/detail?id=1252	Exploit, Third Party Advisory
secure@microsoft.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0290	Vendor Advisory
secure@microsoft.com	https://technet.microsoft.com/library/security/4022344	Patch, Vendor Advisory
secure@microsoft.com	https://twitter.com/natashenka/status/861748397409058816	Exploit, Third Party Advisory
secure@microsoft.com	https://www.exploit-db.com/exploits/41975/
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/98330	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038419
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038420
af854a3a-2127-422b-91ae-364da2661108	https://0patch.blogspot.si/2017/05/0patching-worst-windows-remote-code.html
af854a3a-2127-422b-91ae-364da2661108	https://arstechnica.com/information-technology/2017/05/windows-defender-nscript-remote-vulnerability/	Press/Media Coverage, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugs.chromium.org/p/project-zero/issues/detail?id=1252	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0290	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://technet.microsoft.com/library/security/4022344	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://twitter.com/natashenka/status/861748397409058816	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/41975/

Impacted products

	Vendor	Product	Version
	Microsoft Corporation	Microsoft Malware Protection Engine	Version: Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:03:55.875Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://arstechnica.com/information-technology/2017/05/windows-defender-nscript-remote-vulnerability/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1252"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0290"
          },
          {
            "name": "1038420",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038420"
          },
          {
            "name": "41975",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/41975/"
          },
          {
            "name": "1038419",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038419"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://0patch.blogspot.si/2017/05/0patching-worst-windows-remote-code.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://twitter.com/natashenka/status/861748397409058816"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://technet.microsoft.com/library/security/4022344"
          },
          {
            "name": "98330",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98330"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft Malware Protection Engine",
          "vendor": "Microsoft Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016"
            }
          ]
        }
      ],
      "datePublic": "2017-05-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 does not properly scan a specially crafted file leading to memory corruption, aka \"Microsoft Malware Protection Engine Remote Code Execution Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-15T09:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://arstechnica.com/information-technology/2017/05/windows-defender-nscript-remote-vulnerability/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1252"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0290"
        },
        {
          "name": "1038420",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038420"
        },
        {
          "name": "41975",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/41975/"
        },
        {
          "name": "1038419",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038419"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://0patch.blogspot.si/2017/05/0patching-worst-windows-remote-code.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://twitter.com/natashenka/status/861748397409058816"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://technet.microsoft.com/library/security/4022344"
        },
        {
          "name": "98330",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98330"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2017-0290",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft Malware Protection Engine",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 does not properly scan a specially crafted file leading to memory corruption, aka \"Microsoft Malware Protection Engine Remote Code Execution Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://arstechnica.com/information-technology/2017/05/windows-defender-nscript-remote-vulnerability/",
              "refsource": "MISC",
              "url": "https://arstechnica.com/information-technology/2017/05/windows-defender-nscript-remote-vulnerability/"
            },
            {
              "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1252",
              "refsource": "MISC",
              "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1252"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0290",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0290"
            },
            {
              "name": "1038420",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038420"
            },
            {
              "name": "41975",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/41975/"
            },
            {
              "name": "1038419",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038419"
            },
            {
              "name": "https://0patch.blogspot.si/2017/05/0patching-worst-windows-remote-code.html",
              "refsource": "MISC",
              "url": "https://0patch.blogspot.si/2017/05/0patching-worst-windows-remote-code.html"
            },
            {
              "name": "https://twitter.com/natashenka/status/861748397409058816",
              "refsource": "MISC",
              "url": "https://twitter.com/natashenka/status/861748397409058816"
            },
            {
              "name": "https://technet.microsoft.com/library/security/4022344",
              "refsource": "CONFIRM",
              "url": "https://technet.microsoft.com/library/security/4022344"
            },
            {
              "name": "98330",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98330"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2017-0290",
    "datePublished": "2017-05-09T06:03:00",
    "dateReserved": "2016-09-09T00:00:00",
    "dateUpdated": "2024-08-05T13:03:55.875Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-0290\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2017-05-09T06:29:00.157\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 does not properly scan a specially crafted file leading to memory corruption, aka \\\"Microsoft Malware Protection Engine Remote Code Execution Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"El motor de protecci\u00f3n de malware de Microsoft que se ejecuta en Microsoft Forefront y Microsoft Defender en Microsoft Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607 y 1703 , y Windows Server 2016 no analiza correctamente un archivo especialmente dise\u00f1ado que provoca da\u00f1os en la memoria, tambi\u00e9n conocido como \\\"Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de Microsoft Malware Protection Engine\\\".\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:forefront_security:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB6F1182-AC87-4A8E-841D-25C94DD7116A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:malware_protection_engine:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.1.13701.0\",\"matchCriteriaId\":\"091594BF-2DDF-410D-BBF5-DCA72229B941\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:windows_defender:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"794244D1-F317-44C8-8338-3DA74E71D4B0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21540673-614A-4D40-8BD7-3F07723803B0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"232581CC-130A-4C62-A7E9-2EC9A9364D53\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEE2E768-0F45-46E1-B6D7-087917109D98\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2B1C231-DE19-4B8F-A4AA-5B3A65276E46\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7F51B5F-AA19-4D31-89FA-6DFAC4BA8F0F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6CE5198-C498-4672-AF4C-77AB4BE06C5C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F422A8C-2C4E-42C8-B420-E0728037E15C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2ACA9287-B475-4AF7-A4DA-A7143CEF9E57\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:-:gold:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB506484-7F0C-46BF-8EA6-4FB5AF454CED\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB18C4CE-5917-401E-ACF7-2747084FD36E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/98330\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038419\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securitytracker.com/id/1038420\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://0patch.blogspot.si/2017/05/0patching-worst-windows-remote-code.html\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://arstechnica.com/information-technology/2017/05/windows-defender-nscript-remote-vulnerability/\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Press/Media Coverage\",\"Third Party Advisory\"]},{\"url\":\"https://bugs.chromium.org/p/project-zero/issues/detail?id=1252\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0290\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://technet.microsoft.com/library/security/4022344\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://twitter.com/natashenka/status/861748397409058816\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/41975/\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/bid/98330\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038419\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1038420\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://0patch.blogspot.si/2017/05/0patching-worst-windows-remote-code.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://arstechnica.com/information-technology/2017/05/windows-defender-nscript-remote-vulnerability/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\",\"Third Party Advisory\"]},{\"url\":\"https://bugs.chromium.org/p/project-zero/issues/detail?id=1252\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0290\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://technet.microsoft.com/library/security/4022344\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://twitter.com/natashenka/status/861748397409058816\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/41975/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

gsd-2017-0290

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2017-0290

Aliases

CVE-2017-0290

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-0290",
    "description": "The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 does not properly scan a specially crafted file leading to memory corruption, aka \"Microsoft Malware Protection Engine Remote Code Execution Vulnerability.\"",
    "id": "GSD-2017-0290"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-0290"
      ],
      "details": "The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 does not properly scan a specially crafted file leading to memory corruption, aka \"Microsoft Malware Protection Engine Remote Code Execution Vulnerability.\"",
      "id": "GSD-2017-0290",
      "modified": "2023-12-13T01:20:59.797307Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2017-0290",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Microsoft Malware Protection Engine",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 does not properly scan a specially crafted file leading to memory corruption, aka \"Microsoft Malware Protection Engine Remote Code Execution Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Remote Code Execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://arstechnica.com/information-technology/2017/05/windows-defender-nscript-remote-vulnerability/",
            "refsource": "MISC",
            "url": "https://arstechnica.com/information-technology/2017/05/windows-defender-nscript-remote-vulnerability/"
          },
          {
            "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1252",
            "refsource": "MISC",
            "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1252"
          },
          {
            "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0290",
            "refsource": "CONFIRM",
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0290"
          },
          {
            "name": "1038420",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1038420"
          },
          {
            "name": "41975",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/41975/"
          },
          {
            "name": "1038419",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1038419"
          },
          {
            "name": "https://0patch.blogspot.si/2017/05/0patching-worst-windows-remote-code.html",
            "refsource": "MISC",
            "url": "https://0patch.blogspot.si/2017/05/0patching-worst-windows-remote-code.html"
          },
          {
            "name": "https://twitter.com/natashenka/status/861748397409058816",
            "refsource": "MISC",
            "url": "https://twitter.com/natashenka/status/861748397409058816"
          },
          {
            "name": "https://technet.microsoft.com/library/security/4022344",
            "refsource": "CONFIRM",
            "url": "https://technet.microsoft.com/library/security/4022344"
          },
          {
            "name": "98330",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/98330"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:windows_defender:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:forefront_security:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:malware_protection_engine:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.1.13701.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:gold:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2017-0290"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 does not properly scan a specially crafted file leading to memory corruption, aka \"Microsoft Malware Protection Engine Remote Code Execution Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://twitter.com/natashenka/status/861748397409058816",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://twitter.com/natashenka/status/861748397409058816"
            },
            {
              "name": "https://technet.microsoft.com/library/security/4022344",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://technet.microsoft.com/library/security/4022344"
            },
            {
              "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1252",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1252"
            },
            {
              "name": "https://arstechnica.com/information-technology/2017/05/windows-defender-nscript-remote-vulnerability/",
              "refsource": "MISC",
              "tags": [
                "Press/Media Coverage",
                "Third Party Advisory"
              ],
              "url": "https://arstechnica.com/information-technology/2017/05/windows-defender-nscript-remote-vulnerability/"
            },
            {
              "name": "98330",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/98330"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0290",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0290"
            },
            {
              "name": "https://0patch.blogspot.si/2017/05/0patching-worst-windows-remote-code.html",
              "refsource": "MISC",
              "tags": [],
              "url": "https://0patch.blogspot.si/2017/05/0patching-worst-windows-remote-code.html"
            },
            {
              "name": "1038420",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1038420"
            },
            {
              "name": "1038419",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1038419"
            },
            {
              "name": "41975",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/41975/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-05-08T22:03Z",
      "publishedDate": "2017-05-09T06:29Z"
    }
  }
}

cnvd-2017-06157

Vulnerability from cnvd

Title

Microsoft Malware Protection Engine远程代码执行漏洞

Description

Microsoft恶意软件保护引擎（mpengine.dll）可为防病毒和反间谍软件客户端提供扫描、监测和清除功能。 Microsoft Malware Protection Engine存在远程代码执行漏洞。当Microsoft恶意软件保护引擎未能正确扫描攻击者精心构造的文件导致内存破坏时，可触发远程代码执行漏洞。攻击者可在LocalSystem账户下执行任意代码，并控制系统。攻击者可以安装程序，查看、更改或删除数据，甚至创建具有完整用户权限的新帐户。

Severity

高

Patch Name

Microsoft Malware Protection Engine远程代码执行漏洞的补丁

Patch Description

Formal description

用户可联系供应商获得补丁信息： https://technet.microsoft.com/en-us/library/security/4022344

Reference

https://technet.microsoft.com/en-us/library/security/4022344 https://bugs.chromium.org/p/project-zero/issues/detail?id=1252&desc=5

Impacted products

Name
Microsoft Malware Protection Engine 1.1.13701.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-0290"
    }
  },
  "description": "Microsoft\u6076\u610f\u8f6f\u4ef6\u4fdd\u62a4\u5f15\u64ce\uff08mpengine.dll\uff09\u53ef\u4e3a\u9632\u75c5\u6bd2\u548c\u53cd\u95f4\u8c0d\u8f6f\u4ef6\u5ba2\u6237\u7aef\u63d0\u4f9b\u626b\u63cf\u3001\u76d1\u6d4b\u548c\u6e05\u9664\u529f\u80fd\u3002\r\n\r\nMicrosoft Malware Protection Engine\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u5f53Microsoft\u6076\u610f\u8f6f\u4ef6\u4fdd\u62a4\u5f15\u64ce\u672a\u80fd\u6b63\u786e\u626b\u63cf\u653b\u51fb\u8005\u7cbe\u5fc3\u6784\u9020\u7684\u6587\u4ef6\u5bfc\u81f4\u5185\u5b58\u7834\u574f\u65f6\uff0c\u53ef\u89e6\u53d1\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5728LocalSystem\u8d26\u6237\u4e0b\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u5e76\u63a7\u5236\u7cfb\u7edf\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5b89\u88c5\u7a0b\u5e8f\uff0c\u67e5\u770b\u3001\u66f4\u6539\u6216\u5220\u9664\u6570\u636e\uff0c\u751a\u81f3\u521b\u5efa\u5177\u6709\u5b8c\u6574\u7528\u6237\u6743\u9650\u7684\u65b0\u5e10\u6237\u3002",
  "discovererName": "Natalie Silvanovich \u548cTavisOrmandy",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://technet.microsoft.com/en-us/library/security/4022344",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-06157",
  "openTime": "2017-05-09",
  "patchDescription": "Microsoft\u6076\u610f\u8f6f\u4ef6\u4fdd\u62a4\u5f15\u64ce\uff08mpengine.dll\uff09\u53ef\u4e3a\u9632\u75c5\u6bd2\u548c\u53cd\u95f4\u8c0d\u8f6f\u4ef6\u5ba2\u6237\u7aef\u63d0\u4f9b\u626b\u63cf\u3001\u76d1\u6d4b\u548c\u6e05\u9664\u529f\u80fd\u3002\r\n\r\nMicrosoft Malware Protection Engine\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u5f53Microsoft\u6076\u610f\u8f6f\u4ef6\u4fdd\u62a4\u5f15\u64ce\u672a\u80fd\u6b63\u786e\u626b\u63cf\u653b\u51fb\u8005\u7cbe\u5fc3\u6784\u9020\u7684\u6587\u4ef6\u5bfc\u81f4\u5185\u5b58\u7834\u574f\u65f6\uff0c\u53ef\u89e6\u53d1\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5728LocalSystem\u8d26\u6237\u4e0b\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u5e76\u63a7\u5236\u7cfb\u7edf\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5b89\u88c5\u7a0b\u5e8f\uff0c\u67e5\u770b\u3001\u66f4\u6539\u6216\u5220\u9664\u6570\u636e\uff0c\u751a\u81f3\u521b\u5efa\u5177\u6709\u5b8c\u6574\u7528\u6237\u6743\u9650\u7684\u65b0\u5e10\u6237\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Malware Protection Engine\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Microsoft Malware Protection Engine 1.1.13701.0"
  },
  "referenceLink": "https://technet.microsoft.com/en-us/library/security/4022344\r\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=1252\u0026desc=5",
  "serverity": "\u9ad8",
  "submitTime": "2017-05-09",
  "title": "Microsoft Malware Protection Engine\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

CERTFR-2017-AVI-148

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Microsoft Windows. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Windows Server 2012
Microsoft	Windows	Windows Server 2012 R2
Microsoft	Windows	Windows Server 2008 R2
Microsoft	Windows	Windows 10
Microsoft	Windows	Windows RT 8.1
Microsoft	Windows	Windows Server 2008
Microsoft	Windows	Windows 7
Microsoft	Windows	Windows Server 2016
Microsoft	Windows	Windows 8.1

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft mai 2017 du 09 mai 2017	None	vendor-advisory
Bulletin de sécurité Microsoft du 09 mai 2017	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Windows Server 2012",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 R2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 R2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows RT 8.1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 7",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2016",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 8.1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-0077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0077"
    },
    {
      "name": "CVE-2017-0274",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0274"
    },
    {
      "name": "CVE-2017-0290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0290"
    },
    {
      "name": "CVE-2017-0275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0275"
    },
    {
      "name": "CVE-2017-0259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0259"
    },
    {
      "name": "CVE-2017-0269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0269"
    },
    {
      "name": "CVE-2017-0175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0175"
    },
    {
      "name": "CVE-2017-0268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0268"
    },
    {
      "name": "CVE-2017-0213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0213"
    },
    {
      "name": "CVE-2017-0212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0212"
    },
    {
      "name": "CVE-2017-0267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0267"
    },
    {
      "name": "CVE-2017-0278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0278"
    },
    {
      "name": "CVE-2017-0272",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0272"
    },
    {
      "name": "CVE-2017-0245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0245"
    },
    {
      "name": "CVE-2017-0263",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0263"
    },
    {
      "name": "CVE-2017-0246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0246"
    },
    {
      "name": "CVE-2017-0171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0171"
    },
    {
      "name": "CVE-2017-0276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0276"
    },
    {
      "name": "CVE-2017-0244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0244"
    },
    {
      "name": "CVE-2017-0220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0220"
    },
    {
      "name": "CVE-2017-0277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0277"
    },
    {
      "name": "CVE-2017-0270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0270"
    },
    {
      "name": "CVE-2017-0273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0273"
    },
    {
      "name": "CVE-2017-0258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0258"
    },
    {
      "name": "CVE-2017-0242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0242"
    },
    {
      "name": "CVE-2017-0279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0279"
    },
    {
      "name": "CVE-2017-0280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0280"
    },
    {
      "name": "CVE-2017-0214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0214"
    },
    {
      "name": "CVE-2017-0190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0190"
    },
    {
      "name": "CVE-2017-0271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0271"
    }
  ],
  "initial_release_date": "2017-05-10T00:00:00",
  "last_revision_date": "2017-05-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2017-AVI-148",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-05-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Windows\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft mai 2017 du 09 mai 2017",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 09 mai 2017",
      "url": "https://portal.msrc.microsoft.com/fr-fr/security-guidance/releasenotedetail/bc365363-f51e-e711-80da-000d3a32fc99"
    }
  ]
}

CERTFR-2017-AVI-147

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Microsoft Office. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft	Office	Microsoft Word 2016 (32-bit edition)
Microsoft	Office	Microsoft Office 2007 Service Pack 3
Microsoft	Office	Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft	Office	Word Automation Services
Microsoft	Office	Microsoft Word 2010 Service Pack 2 (64-bit editions)
Microsoft	Office	Microsoft Word 2010 Service Pack 2 (32-bit editions)
Microsoft	Office	Microsoft Project Server 2013 Service Pack 1
Microsoft	Office	Microsoft Office Web Apps 2013 Service Pack 1
Microsoft	Office	Microsoft Office 2016 (64-bit edition)
Microsoft	Office	Microsoft Office Compatibility Pack Service Pack 3
Microsoft	Office	Microsoft Office 2013 RT Service Pack 1
Microsoft	Office	Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft	Office	Microsoft Office 2016 for Mac
Microsoft	Office	Microsoft Office for Mac 2011
Microsoft	Office	Microsoft SharePoint Enterprise Server 2016
Microsoft	Office	Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft	Office	Microsoft Word 2013 RT Service Pack 1
Microsoft	Office	Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft	Office	Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft	Office	Microsoft Office Web Apps 2010 Service Pack 2
Microsoft	Office	Microsoft Office Online Server 2016
Microsoft	Office	Microsoft Word 2016 (64-bit edition)
Microsoft	Office	Microsoft Word 2007 Service Pack 3
Microsoft	Office	Microsoft SharePoint Server 2010 Service Pack 2
Microsoft	Office	Microsoft Office 2016 (32-bit edition)
Microsoft	Office	Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft	Office	Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft	Office	Microsoft Forefront Security for SharePoint Service Pack 3
Microsoft	Office	Microsoft PowerPoint for Mac 2011
Microsoft	Office	Microsoft Office Word Viewer

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 09 mai 2017	None	vendor-advisory
Bulletin de sécurité Microsoft mai 2017 du 09 mai 2017	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft SharePoint Foundation 2013 Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Word 2016 (32-bit edition)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2007 Service Pack 3",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2013 Service Pack 1 (64-bit editions)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Word Automation Services",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Word 2010 Service Pack 2 (64-bit editions)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Word 2010 Service Pack 2 (32-bit editions)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Project Server 2013 Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Web Apps 2013 Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2016 (64-bit edition)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Compatibility Pack Service Pack 3",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2013 RT Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Word 2013 Service Pack 1 (32-bit editions)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2016 for Mac",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office for Mac 2011",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Enterprise Server 2016",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Word 2013 Service Pack 1 (64-bit editions)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Word 2013 RT Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2010 Service Pack 2 (64-bit editions)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2013 Service Pack 1 (32-bit editions)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Web Apps 2010 Service Pack 2",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Online Server 2016",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Word 2016 (64-bit edition)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Word 2007 Service Pack 3",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Server 2010 Service Pack 2",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2016 (32-bit edition)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Enterprise Server 2013 Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2010 Service Pack 2 (32-bit editions)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Forefront Security for SharePoint Service Pack 3",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft PowerPoint for Mac 2011",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Word Viewer",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-0255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0255"
    },
    {
      "name": "CVE-2017-0290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0290"
    },
    {
      "name": "CVE-2017-0281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0281"
    },
    {
      "name": "CVE-2017-0261",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0261"
    },
    {
      "name": "CVE-2017-0264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0264"
    },
    {
      "name": "CVE-2017-0265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0265"
    },
    {
      "name": "CVE-2017-0262",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0262"
    },
    {
      "name": "CVE-2017-0254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0254"
    }
  ],
  "initial_release_date": "2017-05-10T00:00:00",
  "last_revision_date": "2017-05-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2017-AVI-147",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-05-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Office\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 09 mai 2017",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft mai 2017 du 09 mai 2017",
      "url": "https://portal.msrc.microsoft.com/fr-fr/security-guidance/releasenotedetail/bc365363-f51e-e711-80da-000d3a32fc99"
    }
  ]
}

CERTFR-2017-AVI-151

Vulnerability from certfr_avis

Une vulnérabilité a été corrigée dans Microsoft Malware Protection Engine. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Windows Defender
Microsoft	N/A	Microsoft Security Essentials
Microsoft	N/A	Microsoft Forefront Security for SharePoint Service Pack 3
Microsoft	Windows	Windows Intune Endpoint Protection
Microsoft	N/A	Microsoft Forefront Endpoint Protection 2010

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 09 mai 2017	None	vendor-advisory
Bulletin de sécurité Microsoft mai 2017 du 09 mai 2017	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Windows Defender",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Security Essentials",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Forefront Security for SharePoint Service Pack 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Intune Endpoint Protection",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Forefront Endpoint Protection 2010",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-0290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0290"
    }
  ],
  "initial_release_date": "2017-05-10T00:00:00",
  "last_revision_date": "2017-05-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2017-AVI-151",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-05-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eMicrosoft\nMalware Protection Engine\u003c/span\u003e. Elle permet \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Malware Protection Engine",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 09 mai 2017",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft mai 2017 du 09 mai 2017",
      "url": "https://portal.msrc.microsoft.com/fr-fr/security-guidance/releasenotedetail/bc365363-f51e-e711-80da-000d3a32fc99"
    }
  ]
}

fkie_cve-2017-0290

Vulnerability from fkie_nvd

Published

2017-05-09 06:29

Modified

2025-04-20 01:37

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
secure@microsoft.com	http://www.securityfocus.com/bid/98330	Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.securitytracker.com/id/1038419
secure@microsoft.com	http://www.securitytracker.com/id/1038420
secure@microsoft.com	https://0patch.blogspot.si/2017/05/0patching-worst-windows-remote-code.html
secure@microsoft.com	https://arstechnica.com/information-technology/2017/05/windows-defender-nscript-remote-vulnerability/	Press/Media Coverage, Third Party Advisory
secure@microsoft.com	https://bugs.chromium.org/p/project-zero/issues/detail?id=1252	Exploit, Third Party Advisory
secure@microsoft.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0290	Vendor Advisory
secure@microsoft.com	https://technet.microsoft.com/library/security/4022344	Patch, Vendor Advisory
secure@microsoft.com	https://twitter.com/natashenka/status/861748397409058816	Exploit, Third Party Advisory
secure@microsoft.com	https://www.exploit-db.com/exploits/41975/
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/98330	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038419
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038420
af854a3a-2127-422b-91ae-364da2661108	https://0patch.blogspot.si/2017/05/0patching-worst-windows-remote-code.html
af854a3a-2127-422b-91ae-364da2661108	https://arstechnica.com/information-technology/2017/05/windows-defender-nscript-remote-vulnerability/	Press/Media Coverage, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugs.chromium.org/p/project-zero/issues/detail?id=1252	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0290	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://technet.microsoft.com/library/security/4022344	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://twitter.com/natashenka/status/861748397409058816	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/41975/

Impacted products

Vendor	Product	Version
microsoft	forefront_security	-
microsoft	malware_protection_engine	*
microsoft	windows_defender	-
microsoft	windows_10	-
microsoft	windows_10	1511
microsoft	windows_10	1607
microsoft	windows_10	1703
microsoft	windows_7	-
microsoft	windows_8.1	*
microsoft	windows_rt_8.1	-
microsoft	windows_server_2008	-
microsoft	windows_server_2008	r2
microsoft	windows_server_2012	-
microsoft	windows_server_2012	r2
microsoft	windows_server_2016	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:forefront_security:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB6F1182-AC87-4A8E-841D-25C94DD7116A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:malware_protection_engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "091594BF-2DDF-410D-BBF5-DCA72229B941",
              "versionEndIncluding": "1.1.13701.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:windows_defender:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "794244D1-F317-44C8-8338-3DA74E71D4B0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
              "matchCriteriaId": "232581CC-130A-4C62-A7E9-2EC9A9364D53",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
              "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEE2E768-0F45-46E1-B6D7-087917109D98",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7F51B5F-AA19-4D31-89FA-6DFAC4BA8F0F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:gold:*:*:*:*:*:*",
              "matchCriteriaId": "AB506484-7F0C-46BF-8EA6-4FB5AF454CED",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 does not properly scan a specially crafted file leading to memory corruption, aka \"Microsoft Malware Protection Engine Remote Code Execution Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "El motor de protecci\u00f3n de malware de Microsoft que se ejecuta en Microsoft Forefront y Microsoft Defender en Microsoft Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607 y 1703 , y Windows Server 2016 no analiza correctamente un archivo especialmente dise\u00f1ado que provoca da\u00f1os en la memoria, tambi\u00e9n conocido como \"Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de Microsoft Malware Protection Engine\"."
    }
  ],
  "id": "CVE-2017-0290",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-05-09T06:29:00.157",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98330"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id/1038419"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id/1038420"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://0patch.blogspot.si/2017/05/0patching-worst-windows-remote-code.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Press/Media Coverage",
        "Third Party Advisory"
      ],
      "url": "https://arstechnica.com/information-technology/2017/05/windows-defender-nscript-remote-vulnerability/"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1252"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0290"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://technet.microsoft.com/library/security/4022344"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://twitter.com/natashenka/status/861748397409058816"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://www.exploit-db.com/exploits/41975/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98330"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1038419"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1038420"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://0patch.blogspot.si/2017/05/0patching-worst-windows-remote-code.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Press/Media Coverage",
        "Third Party Advisory"
      ],
      "url": "https://arstechnica.com/information-technology/2017/05/windows-defender-nscript-remote-vulnerability/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1252"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0290"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://technet.microsoft.com/library/security/4022344"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://twitter.com/natashenka/status/861748397409058816"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/41975/"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-w3hq-vf6w-p52j

Vulnerability from github

Published

2022-05-14 01:05

Modified

2025-04-20 03:37

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-0290"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-05-09T06:29:00Z",
    "severity": "HIGH"
  },
  "details": "The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 does not properly scan a specially crafted file leading to memory corruption, aka \"Microsoft Malware Protection Engine Remote Code Execution Vulnerability.\"",
  "id": "GHSA-w3hq-vf6w-p52j",
  "modified": "2025-04-20T03:37:21Z",
  "published": "2022-05-14T01:05:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0290"
    },
    {
      "type": "WEB",
      "url": "https://0patch.blogspot.si/2017/05/0patching-worst-windows-remote-code.html"
    },
    {
      "type": "WEB",
      "url": "https://arstechnica.com/information-technology/2017/05/windows-defender-nscript-remote-vulnerability"
    },
    {
      "type": "WEB",
      "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1252"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0290"
    },
    {
      "type": "WEB",
      "url": "https://technet.microsoft.com/library/security/4022344"
    },
    {
      "type": "WEB",
      "url": "https://twitter.com/natashenka/status/861748397409058816"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/41975"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/98330"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038419"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038420"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2017-ALE-009

Vulnerability from certfr_alerte

Une vulnérabilité a été découverte dans Microsoft Malware Protection Engine. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Description

Les chercheurs Natalie Silvanovich et Tavis Ormandy de Google Project Zero ont révélé l'existence d'une vulnérabilité dans le Malware Protection Engine de Microsoft (cf. section Documentation). Celui-ci est le moteur de nombreux produits de sécurité Microsoft.

Cette vulnérabilité est particulièrement critique car elle est présente par défaut dans toutes les dernières versions de Windows et permet une exécution de code à distance avec les privilèges System. De plus, cette vulnérabilité est déclenchée dès qu'un fichier malveillant est balayé par le Malware Protection Engine. Plus concrètement, il suffit uniquement de recevoir un courriel piégé ou de se rendre sur un site malveillant pour risquer une infection.

Toutefois, le 8 mai 2017, Microsoft a annoncé la sortie d'un correctif de sécurité (cf. section Documentation) à l'occasion de sa mise à jour mensuelle. De plus, les systèmes devraient se mettre à jour automatiquement à partir du moment où cette option n'est pas désactivée. Microsoft a également annoncé que cette mise à jour devrait être intégralement déployée sous 48 heures.

Le CERT-FR recommande donc de vérifier que le correctif est bien installé (cf. section Documentation), ou le cas échéant, de mettre ses sytèmes à jour dans les plus brefs délais.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Windows Defender pour Windows 10, Windows 10 1511, Windows 10 1607, Windows Server 2016, Windows 10 1703
Microsoft	Windows	Windows Defender pour Windows 8.1
Microsoft	Windows	Windows Defender pour Windows 7
Microsoft	N/A	Microsoft System Center Endpoint Protection
Microsoft	N/A	Microsoft Security Essentials
Microsoft	N/A	Microsoft Forefront Security pour SharePoint Service Pack 3
Microsoft	Windows	Windows Intune Endpoint Protection
Microsoft	N/A	Microsoft Forefront Endpoint Protection 2010
Microsoft	Windows	Windows Defender pour Windows RT 8.1
Microsoft	N/A	Microsoft Endpoint Protection

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft 4022344 du 08 mai 2017	None	vendor-advisory
Support Microsoft	-	other
Google Project Zero	-	other
Avis CERT-FR CERTFR-2017-AVI-151	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Windows Defender pour Windows 10, Windows 10 1511, Windows 10 1607, Windows Server 2016, Windows 10 1703",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Defender pour Windows 8.1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Defender pour Windows 7",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft System Center Endpoint Protection",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Security Essentials",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Forefront Security pour SharePoint Service Pack 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Intune Endpoint Protection",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Forefront Endpoint Protection 2010",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Defender pour Windows RT 8.1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Endpoint Protection",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2017-05-15",
  "content": "## Description\n\nLes chercheurs Natalie Silvanovich et Tavis Ormandy de Google Project\nZero ont r\u00e9v\u00e9l\u00e9 l\u0027existence d\u0027une vuln\u00e9rabilit\u00e9 dans le Malware\nProtection Engine de Microsoft (cf. section Documentation). Celui-ci est\nle moteur de nombreux produits de s\u00e9curit\u00e9 Microsoft.\n\nCette vuln\u00e9rabilit\u00e9 est particuli\u00e8rement critique car elle est pr\u00e9sente\npar d\u00e9faut dans toutes les derni\u00e8res versions de Windows et permet une\nex\u00e9cution de code \u00e0 distance avec les privil\u00e8ges System. De plus, cette\nvuln\u00e9rabilit\u00e9 est d\u00e9clench\u00e9e d\u00e8s qu\u0027un fichier malveillant est balay\u00e9\npar le Malware Protection Engine. Plus concr\u00e8tement, il suffit\nuniquement de recevoir un courriel pi\u00e9g\u00e9 ou de se rendre sur un site\nmalveillant pour risquer une infection.\n\nToutefois, le 8 mai 2017, Microsoft a annonc\u00e9 la sortie d\u0027un correctif\nde s\u00e9curit\u00e9 (cf. section Documentation) \u00e0 l\u0027occasion de sa mise \u00e0 jour\nmensuelle. De plus, les syst\u00e8mes devraient se mettre \u00e0 jour\nautomatiquement \u00e0 partir du moment o\u00f9 cette option n\u0027est pas d\u00e9sactiv\u00e9e.\nMicrosoft a \u00e9galement annonc\u00e9 que cette mise \u00e0 jour devrait \u00eatre\nint\u00e9gralement d\u00e9ploy\u00e9e sous 48 heures.\n\nLe CERT-FR recommande donc de v\u00e9rifier que le correctif est bien\ninstall\u00e9 (cf. section Documentation), ou le cas \u00e9ch\u00e9ant, de mettre ses\nsyt\u00e8mes \u00e0 jour dans les plus brefs d\u00e9lais.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-0290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0290"
    }
  ],
  "initial_release_date": "2017-05-09T00:00:00",
  "last_revision_date": "2017-05-15T00:00:00",
  "links": [
    {
      "title": "Support Microsoft",
      "url": "https://support.microsoft.com/en-us/help/2510781/microsoft-malware-protection-engine-deployment-information"
    },
    {
      "title": "Google Project Zero",
      "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1252\u0026desc=5"
    },
    {
      "title": "Avis CERT-FR CERTFR-2017-AVI-151",
      "url": "http://www.cert.ssi.gouv.fr/site/CERTFR-2017-AVI-151/index.html"
    }
  ],
  "reference": "CERTFR-2017-ALE-009",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-05-09T00:00:00.000000"
    },
    {
      "description": "ajout du lien vers l\u0027avis CERT-FR CERTFR-2017-AVI-151.",
      "revision_date": "2017-05-10T00:00:00.000000"
    },
    {
      "description": "cl\u00f4ture de l\u0027alerte.",
      "revision_date": "2017-05-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan class=\"textit\"\u003eMicrosoft\nMalware Protection Engine\u003c/span\u003e. Elle permet \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Malware Protection Engine",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft 4022344 du 08 mai 2017",
      "url": "https://technet.microsoft.com/en-us/library/security/4022344.aspx"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2017-0290 (GCVE-0-2017-0290)

Vulnerability from cvelistv5

Vulnerability from gsd

Vulnerability from cnvd

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from fkie_nvd

Vulnerability from github

Vulnerability from certfr_alerte

Description

Solution

Tags

Sightings

Nomenclature