CVE-2017-8540
Out-of-bounds Write — is CVE-2017-8540real, exploitable, or a false positive? Here's the community ground truth.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8538 and CVE-2017-8541.
References
Published
Embed this verdict
[](https://www.truepositive.app/cve/CVE-2017-8540)<a href="https://www.truepositive.app/cve/CVE-2017-8540"><img src="https://www.truepositive.app/cve/CVE-2017-8540/badge.svg" alt="TruePositive verdict for CVE-2017-8540"></a>Live badge — updates automatically as the community verdict changes.
Community ground truth
Community verdict
2 verdictsIncludes TruePositive's curated baseline from public sources — community verdicts accrue on top.
Pick your verdict — we'll save it right after a quick sign-in.
In line with its CVSS base score.
Field notes & remediation
Verdicts are the quick signal — notes are the evidence and fixes behind them.
- 0
Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability — The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability". Listed in the CISA KEV catalog (added 2022-03-03) — confirmed exploited in the wild, not theoretical. FIRST EPSS puts the chance of exploitation in the next 30 days at ~72%. Treat it as real and prioritize remediation over triage.
- 0
Required action for Microsoft Malware Protection Engine: Apply updates per vendor instructions. CISA set a federal remediation due date of 2022-03-24. After patching, verify the vulnerable path is no longer reachable before closing the finding.
Related CVEs
Same weakness — CWE-787 · Out-of-bounds Write.
- CVE-2015-3113CVSS 9.8KEVEPSS 100%
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.
- CVE-2023-4863CVSS 8.8KEVEPSS 100%
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
- CVE-2023-34048CVSS 9.8KEVEPSS 99%
vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.
- CVE-2008-2992CVSS 7.8KEVEPSS 98%
Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.
- CVE-2015-1641CVSS 7.8KEVEPSS 97%
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability."
- CVE-2019-5544CVSS 9.8KEVEPSS 97%
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.