Buffer overflow in Microsoft Endpoint_protection
CVE-2017-8558
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on 32-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1…
Vulnerability class: Buffer Overflow
EPSS: 0.578 (98.2th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.8 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Microsoft Endpoint_protection
- Microsoft Forefront_endpoint_protection — versions 2010
- Microsoft Security_essentials
- Microsoft Windows_10 — versions 1511, 1607, 1703
- Microsoft Windows_7
- Microsoft Windows_8.1
- Microsoft Windows_defender
- Microsoft Windows_intune_endpoint_protection
- Microsoft Windows_server_2008
- Microsoft Corporation Malware Protection Engine — versions 32-bit versions only of Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016.
Weakness classification (CWE)
References
- secure@microsoft.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
- secure@microsoft.com (VDB Entry, Third Party Advisory, exploit, x_refsource_EXPLOIT-DB)
- secure@microsoft.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)
- secure@microsoft.com (x_refsource_CONFIRM, Vendor Advisory)
- secure@microsoft.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)
Frequently asked questions
- What is CVE-2017-8558?
- CVE-2017-8558 is a high-severity vulnerability in Microsoft Endpoint_protection, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 7.8/10. Published 2017-06-29.
- How severe is CVE-2017-8558?
- High severity. CVSS v3 base score is 7.8 out of 10.