MS Security Advisory 2846338: Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution

This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.


Synopsis :

The remote host has an antimalware application that is affected by a
code execution vulnerability.

Description :

A vulnerable version of Microsoft Malware Protection Engine (MMPE) is
installed on the remote host. Scanning a maliciously crafted file can
result in arbitrary code execution. This plugin checks if a vulnerable
version of MMPE is being used by any of the following applications :

- Microsoft Forefront Client Security
- Microsoft Malicious Software Removal Tool
- Microsoft Security Essentials
- Microsoft Security Essentials Prerelease
- Windows Defender for Windows XP, Windows Server 2003,
Windows Vista, Windows Server 2008, Windows 7, and
Windows Server 2008 R2
- Windows Defender for Windows 8
- Microsoft Forefront Endpoint Protection 2010
- Microsoft System Center 2012 Endpoint Protection

These applications are only affected if they are using a scan engine
less than 1.1.9506.0 on a 64-bit host.

See also :

http://technet.microsoft.com/en-us/security/advisory/2846338
http://support.microsoft.com/kb/2510781

Solution :

Enable automatic updates to update the scan engine for the relevant
antimalware applications. Refer to KB2510781 for information on how to
verify MMPE has been updated.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 66425 ()

Bugtraq ID: 59885

CVE ID: CVE-2013-1346

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now