This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.
The remote host has an antimalware application that is affected by a
denial of service vulnerability.
A vulnerable version of Microsoft Malware Protection Engine (MMPE) is
installed on the remote host. Scanning a maliciously crafted file
could prevent the Malware Protection Engine from monitoring affected
systems until the file is manually removed and the service is
restarted. This plugin checks if a vulnerable version of MMPE is being
used by any of the following applications :
- Microsoft Forefront Client Security
- Microsoft Forefront Endpoint Protection 2010
- Microsoft System Center 2012 Endpoint Protection
- Microsoft Malicious Software Removal Tool
- Microsoft Security Essentials
- Microsoft Security Essentials Prerelease
- Windows Defender for Windows 8, Windows 8.1, Windows
Server 2012 and Windows Server 2012 R2
- Windows Defender for Windows XP, Windows Server 2003,
Windows Vista, Windows Server 2008, Windows 7, and
Windows Server 2008 R2
These applications are only affected if they are using a scan engine
prior to 1.1.10701.0.
See also :
Enable automatic updates to update the scan engine for the relevant
antimalware applications. Refer to KB2510781 for information on how to
verify MMPE has been updated.
Risk factor :
High / CVSS Base Score : 7.1
CVSS Temporal Score : 6.2
Public Exploit Available : false