The host is installed with Microsoft malware protection engine before 1.1.13704.0 for Microsoft Forefront Security for SharePoint, Windows Defender or Microsoft Security Essentials and is prone to a remote code execution vulnerability. A flaw is present in the mpengine.dll, which fails to handle a crafted file. Successful exploitation allows attackers to execute arbitrary code in the security context of the LocalSystem account and take control of the system.