http://www.theinquirer.net/default.aspx?article=37629 By Andrew Thomas 14 February 2007 OH DEAR, OH DEAR. If there was one piece of software you'd expect to be secure from malware attacks it would have to be malware protection software itself. Sadly, this is not the case with Microsoft Defender, the software giant's all-singing, all-dancing user security package. According to security bulletin CVE-2006-5270 - Microsoft Malware Protection Engine Vulnerability, Integer overflow in the Microsoft Malware Protection Engine (mpengine.dll), as used by Windows Live OneCare, Antigen, Defender, and Forefront Security, allows user-assisted remote attackers to execute arbitrary code via a PDF file. All the following are at risk of remote code execution: Windows Live OneCare Microsoft Antigen for Exchange 9.x Microsoft Antigen for SMTP Gateway 9.x Microsoft Windows Defender Microsoft Windows Defender x64 Edition Microsoft Windows Defender in Windows Vista Microsoft Forefront Security for Exchange Server Microsoft Forefront Security for SharePoint According to the bulletin rated 'critical' a remote code execution vulnerability exists in the Microsoft Malware Protection Engine because of the way that it parses Portable Document Format (PDF) files. An attacker could exploit the vulnerability by constructing a specially crafted PDF File that could potentially allow remote code execution when the target computer system receives, and the Microsoft Malware Protection Engine scans, the PDF file. To have one insecure security product could be seen as unlucky; to have eight looks a bit like carelessness. L'INQ Microsoft Security Bulletin MS07-010 http://www.microsoft.com/technet/security/Bulletin/ms07-010.mspx ______________________________________ Subscribe to the InfoSec News RSS Feed http://www.infosecnews.org/isn.rss
This archive was generated by hypermail 2.1.3 : Thu Feb 15 2007 - 00:26:46 PST