CVE-2017-0290: Buffer Overflow
First published: Tue May 09 2017(Updated: )
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 does not properly scan a specially crafted file leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Forefront Security for SharePoint | ||
| Microsoft Malware Protection Engine | <=1.1.13701.0 | |
| Microsoft Windows Defender | ||
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | =1511 | |
| Microsoft Windows 10 | =1607 | |
| Microsoft Windows 10 | =1703 | |
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows 8.1 | ||
| Microsoft Windows RT | ||
| Microsoft Windows Server 2008 Itanium | =sp2 | |
| Microsoft Windows Server 2008 Itanium | =r2-sp1 | |
| Microsoft Windows Server 2012 x64 | =gold | |
| Microsoft Windows Server 2012 x64 | =r2 | |
| Microsoft Windows Server 2016 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/98330
- http://www.securitytracker.com/id/1038419
- http://www.securitytracker.com/id/1038420
- https://0patch.blogspot.si/2017/05/0patching-worst-windows-remote-code.html
- https://arstechnica.com/information-technology/2017/05/windows-defender-nscript-remote-vulnerability/
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1252
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0290
- https://technet.microsoft.com/library/security/4022344
- https://twitter.com/natashenka/status/861748397409058816
- https://www.exploit-db.com/exploits/41975/
- https://www.bleepingcomputer.com/news/security/noname-ransomware-gang-deploying-ransomhub-malware-in-recent-attacks/
Frequently Asked Questions
What is the severity of CVE-2017-0290?
CVE-2017-0290 has a critical severity rating due to its potential to allow remote code execution.
How do I fix CVE-2017-0290?
To address CVE-2017-0290, update the Microsoft Malware Protection Engine to the latest version as recommended by Microsoft.
Which products are affected by CVE-2017-0290?
CVE-2017-0290 affects Microsoft Malware Protection Engine, Microsoft Forefront, and Microsoft Defender across various Windows versions.
Is CVE-2017-0290 being actively exploited?
At the time of disclosure, there were indications that CVE-2017-0290 was being targeted in the wild.
What type of vulnerability is CVE-2017-0290?
CVE-2017-0290 is classified as a remote code execution vulnerability, meaning it can allow attackers to execute arbitrary code on affected systems.
- agent/type
- agent/weakness
- agent/author
- agent/remedy
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2017-0144
- alias/CVE-2020-1472
- alias/CVE-2023-27532
- alias/CVE-2021-42278
- alias/CVE-2021-42287
- alias/CVE-2022-42475
- alias/CVE-2017-0290
- agent/references
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/microsoft
- canonical/microsoft forefront security for sharepoint
- canonical/microsoft malware protection engine
- version/microsoft malware protection engine/1.1.13701.0
- canonical/microsoft windows defender
- canonical/microsoft windows 10
- version/microsoft windows 10/1511
- version/microsoft windows 10/1607
- version/microsoft windows 10/1703
- canonical/microsoft windows 7
- version/microsoft windows 7/sp1
- canonical/microsoft windows 8.1
- canonical/microsoft windows rt
- canonical/microsoft windows server 2008 itanium
- version/microsoft windows server 2008 itanium/sp2
- version/microsoft windows server 2008 itanium/r2-sp1
- canonical/microsoft windows server 2012 x64
- version/microsoft windows server 2012 x64/gold
- version/microsoft windows server 2012 x64/r2
- canonical/microsoft windows server 2016