Microsoft Malware Protection Engine — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft Malware Protection Engine, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (28)
CVE-2013-1346 — CVSS 9.3 (critical): mpengine.dll in Microsoft Malware Protection Engine before 1.1.9506.0 on x64 platforms allows remote attackers to execute arbitrary code or…
CVE-2006-5270 — CVSS 9.3 (critical): Integer overflow in the Microsoft Malware Protection Engine (mpengine.dll), as used by Windows Live OneCare, Antigen, Defender, and…
CVE-2026-45584 — CVSS 8.1 (high): Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network.
CVE-2026-50656 — CVSS 7.8 (high): Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as…
CVE-2017-0290 — CVSS 7.8 (high): The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2…
CVE-2017-11937 — CVSS 7.8 (high): The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT…
CVE-2017-11940 — CVSS 7.8 (high): The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT…
CVE-2017-8538 — CVSS 7.8 (high): The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2…
CVE-2017-8541 — CVSS 7.8 (high): The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2…
CVE-2011-0037 — CVSS 7.2 (high): Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender…
CVE-2017-8542 — CVSS 5.5 (medium): The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2…
CVE-2017-8539 — CVSS 5.5 (medium): The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2…
CVE-2008-1437 — CVSS 5.0 (medium): Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft…
CVE-2008-1438 — CVSS 5.0 (medium): Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft…
CVE-2014-2779 — CVSS 4.3 (medium): mpengine.dll in Microsoft Malware Protection Engine before 1.1.10701.0 allows remote attackers to cause a denial of service (system hang)…