Microsoft Malware Protection Engine PDF File Parsing Vulnerability

Posted on Tuesday, February 13, 2007 @ 18:19:51 CST in Security
by Raven

SECUNIA ADVISORY ID: SA24146

VERIFY ADVISORY: http://secunia.com/advisories/24146/

CRITICAL: Highly critical

IMPACT: System access

WHERE: >From remote

OPERATING SYSTEM: Microsoft Windows Vista - http://secunia.com/product/13223/

SOFTWARE:
Microsoft Windows Defender - http://secunia.com/product/13464/
Microsoft Forefront Security for SharePoint - http://secunia.com/product/13488/
Microsoft Forefront Security for Exchange Server - http://secunia.com/product/13487/
Microsoft Antigen 9.x - http://secunia.com/product/13422/
Microsoft Windows Live OneCare - http://secunia.com/product/13486/

DESCRIPTION: A vulnerability has been reported in Microsoft Malware Protection Engine, which can be exploited by malicious people to compromise a vulnerable system.


The vulnerability is caused due to an integer overflow error when parsing PDF (Portable Document Format) files. This can be exploited to cause a buffer overflow when a specially crafted PDF file is scanned. Successful exploitation allows execution of arbitrary code.

SOLUTION: Apply the latest Microsoft Malware Protection Engine update.

PROVIDED AND/OR DISCOVERED BY: The vendor credits Neel Mehta and Alex Wheeler, ISS X-Force.

ORIGINAL ADVISORY: MS07-010 (KB932135): http://www.microsoft.com/technet/security/Bulletin/MS07-010.mspx
 
 
Associated TopicsMicrosoft