VYPR

Malware Protection Engine

by Microsoft

CVEs (35)

  • CVE-2017-8540HigKEVMay 26, 2017
    risk 0.71cvss 7.8epss 0.72

    The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server…

  • CVE-2018-0986HigApr 4, 2018
    risk 0.65cvss 8.8epss 0.61

    A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability." This affects Windows Defender,…

  • CVE-2026-41091HigKEVMay 20, 2026
    risk 0.63cvss 7.8epss 0.08

    Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.

  • CVE-2017-0290HigMay 9, 2017
    risk 0.60cvss 7.8epss 0.77

    The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server…

  • CVE-2017-8541HigMay 26, 2017
    risk 0.58cvss 7.8epss 0.50

    The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server…

  • CVE-2017-8538HigMay 26, 2017
    risk 0.58cvss 7.8epss 0.50

    The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server…

  • CVE-2017-8558HigJun 29, 2017
    risk 0.57cvss 7.8epss 0.44

    The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on 32-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703…

  • CVE-2026-45584HigMay 20, 2026
    risk 0.53cvss 8.1epss 0.01

    Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network.

  • CVE-2017-11937HigDec 7, 2017
    risk 0.53cvss 7.8epss 0.28

    The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and…

  • CVE-2017-11940HigDec 8, 2017
    risk 0.52cvss 7.8epss 0.20

    The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and…

  • CVE-2026-50656HigJun 16, 2026
    risk 0.51cvss 7.8epss 0.03

    Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as "RoguePlanet ". We are working to provide a high quality security update that addresses this vulnerability. We will provide…

  • CVE-2017-8537MedMay 26, 2017
    risk 0.40cvss 5.5epss 0.17

    The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server…

  • CVE-2017-8536MedMay 26, 2017
    risk 0.40cvss 5.5epss 0.17

    The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server…

  • CVE-2017-8535MedMay 26, 2017
    risk 0.40cvss 5.5epss 0.17

    The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server…

  • CVE-2017-8542MedMay 26, 2017
    risk 0.36cvss 5.5epss 0.06

    The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server…

  • CVE-2017-8539MedMay 26, 2017
    risk 0.36cvss 5.5epss 0.06

    The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server…

  • CVE-2006-5270Feb 13, 2007
    risk 0.02cvss epss 0.30

    Integer overflow in the Microsoft Malware Protection Engine (mpengine.dll), as used by Windows Live OneCare, Antigen, Defender, and Forefront Security, allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file.

  • CVE-2021-31985Jun 8, 2021
    risk 0.01cvss epss 0.08

    Microsoft Defender Remote Code Execution Vulnerability

  • CVE-2014-2779Jun 18, 2014
    risk 0.01cvss epss 0.13

    mpengine.dll in Microsoft Malware Protection Engine before 1.1.10701.0 allows remote attackers to cause a denial of service (system hang) via a crafted file.

  • CVE-2013-1346May 15, 2013
    risk 0.01cvss epss 0.12

    mpengine.dll in Microsoft Malware Protection Engine before 1.1.9506.0 on x64 platforms allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file.

Page 1 of 2