The host is installed with Microsoft malware protection engine before 1.1.9506.0 on x64 platforms for Microsoft Forefront Security for SharePoint, Windows Defender or Microsoft Security Essentials and is prone to a remote code execution vulnerability. A flaw is present in the mpengine.dll, which fails to handle a crafted file. Successful exploitation allows attackers to execute arbitrary code in the security context of the LocalSystem account and take complete control of the system.