This script is Copyright (C) 2017 Tenable Network Security, Inc.
The remote host has an antimalware application installed that is
affected by a remote code execution vulnerability.
The version of Microsoft Malware Protection Engine (MMPE) installed on
the remote Windows host is prior to 1.1.13903.0. It is, therefore,
affected by a remote code execution vulnerability due to improper
handling of files during scanning. An unauthenticated, remote attacker
can exploit this, via a specially crafted file, to execute arbitrary
code in the security context of the LocalSystem account. Note that
only x86 or 32-bit based versions of the MMPE are affected by this
Nessus has checked if a vulnerable version of MMPE is being used by
any of the following applications :
- Microsoft Forefront Endpoint Protection 2010.
- Microsoft Endpoint Protection.
- Microsoft Forefront Security for SharePoint.
- Microsoft System Center Endpoint Protection.
- Microsoft Security Essentials.
- Windows Defender for Windows 7, Windows 8.1, Windows RT
8.1, Windows 10, Windows 10 1511, Windows 10 1607,
Windows 10 1703, and Windows Server 2016.
- Windows Intune Endpoint Protection.
See also :
Enable automatic updates to update the scan engine for the relevant
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.8
Public Exploit Available : true