This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.
The remote host has an antimalware application that is affected by a
code execution vulnerability.
A vulnerable version of Microsoft Malware Protection Engine (MMPE) is
installed on the remote host. Scanning a maliciously crafted file can
result in arbitrary code execution. This plugin checks if a vulnerable
version of MMPE is being used by any of the following applications :
- Microsoft Forefront Client Security
- Microsoft Malicious Software Removal Tool
- Microsoft Security Essentials
- Microsoft Security Essentials Prerelease
- Windows Defender for Windows XP, Windows Server 2003,
Windows Vista, Windows Server 2008, Windows 7, and
Windows Server 2008 R2
- Windows Defender for Windows 8
- Microsoft Forefront Endpoint Protection 2010
- Microsoft System Center 2012 Endpoint Protection
These applications are only affected if they are using a scan engine
less than 1.1.9506.0 on a 64-bit host.
See also :
Enable automatic updates to update the scan engine for the relevant
antimalware applications. Refer to KB2510781 for information on how to
verify MMPE has been updated.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 6.9
Public Exploit Available : false