Title: Microsoft Antivirus Engine Integer Overflow Vulnerability
Severity: CRITICAL
Description:
Microsoft Antivirus Engine is prone to an integer-overflow vulnerability. This issue occurs when the application processes maliciously crafted PDF files.
This issue is currently being exploited via PDFs. Specifically, the vulnerability occurs when the application processes a malicious PDF file containing an unspecified malformed string. This causes process memory to become corrupted, allowing an attacker to manipulate the application's normal flow of execution to run arbitrary machine code.
An attacker could exploit this issue by enticing a victim into receiving or opening a malicious PDF file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the currently logged-in user.
Affected Products:
- Microsoft Antigen 9.0
- Microsoft ForeFront
- Microsoft Forefront Security for Exchange Server 1.0
- Microsoft Forefront Security for SharePoint Server 1.0
- Microsoft Windows Defender
- Microsoft Windows Defender x64 Edition
- Microsoft Windows Live OneCare
References:
- IT ISAC: IBM X-Force: Microsoft Windows Protection Engine Remote Heap Overflow
- Microsoft: Microsoft Security Bulletin MS07-010
- Microsoft: Microsoft Windows Homepage
- US-CERT: Vulnerability Note VU#511577 - Microsoft Malware Protection Engine fails to prop
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
