TITLE:
Microsoft Malware Protection Engine PDF File Parsing
Vulnerability
SECUNIA ADVISORY ID:
SA24146
VERIFY ADVISORY:
http://secunia.c
om/advisories/24146/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
OPERATING SYSTEM:
Microsoft Windows Vista
http://secunia.com/
product/13223/
SOFTWARE:
Microsoft Windows Defender
http://secunia.com/
product/13464/
Microsoft Forefront Security for SharePoint
http://secunia.com/
product/13488/
Microsoft Forefront Security for Exchange Server
http://secunia.com/
product/13487/
Microsoft Antigen 9.x
http://secunia.com/
product/13422/
Microsoft Windows Live OneCare
http://secunia.com/
product/13486/
DESCRIPTION:
A vulnerability has been reported in Microsoft Malware
Protection
Engine, which can be exploited by malicious people to
compromise a
vulnerable system.
The vulnerability is caused due to an integer overflow error
when
parsing PDF (Portable Document Format) files. This can be
exploited
to cause a buffer overflow when a specially crafted PDF file
is
scanned.
Successful exploitation allows execution of arbitrary code.
SOLUTION:
Apply the latest Microsoft Malware Protection Engine
update.
ORIGINAL ADVISORY:
MS07-010 (KB932135):
http://www.microsoft.com/technet/security/Bullet
in/MS07-010.mspx
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworks imagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
|
