|
|
|
|
| |
This security update resolves two privately reported vulnerabilities in the Microsoft Malware Protection Engine. An attacker could exploit either of the vulnerabilities by constructing a specially crafted file that could allow denial of service when received by the target computer system and scanned by the Microsoft Malware Protection Engine. An attacker who successfully exploited either vulnerability could cause the Microsoft Malware Protection Engine to stop responding and automatically restart.
The Microsoft Malware Protection Engine is a part of several Microsoft products. Depending upon which product is installed, this security update has different severity ratings. This security update is rated Moderate for Windows Live OneCare, Microsoft Antigen for Exchange, Microsoft Antigen for SMTP Gateway, Microsoft Windows Defender, Microsoft Forefront Client Security, Microsoft Forefront Security for Exchange Server and Microsoft Forefront Security for SharePoint. This security update is rated Low for Standalone System Sweeper located in Diagnostics and Recovery Toolset 6. For more information, see the subsection, Affected and Non-Affected Software, in this section. |
| |
Credit:
The information has been provided by Microsoft Product Security.
The original article can be found at: http://www.microsoft.com/technet/security/Bulletin/MS08-029.mspx
|
| |
Affected Software:
* Windows Live OneCare - Denial of Service - Moderate
* Microsoft Antigen for Exchange - Denial of Service - Moderate
* Microsoft Antigen for SMTP Gateway - Denial of Service - Moderate
* Microsoft Windows Defender - Denial of Service - Moderate
* Microsoft Forefront Client Security - Denial of Service - Moderate
* Microsoft Forefront Security for Exchange Server - Denial of Service - Moderate
* Microsoft Forefront Security for SharePoint - Denial of Service - Moderate
* Standalone System Sweeper located in Diagnostics and Recovery Toolset 6.0 - Denial of Service - Low
Microsoft Malware Protection Engine Vulnerability - CVE-2008-1437
A denial of service vulnerability exists in the way that the Microsoft Malware Protection Engine processes specially crafted files. An attacker could exploit the vulnerability by constructing a specially crafted file that could allow denial of service when received by the target computer system and scanned by the Microsoft Malware Protection Engine. An attacker who successfully exploited this vulnerability could cause the Microsoft Malware Protection Engine to stop responding and automatically restart.
CVE Information:
CVE-2008-1437
Microsoft Malware Protection Engine Vulnerability - CVE-2008-1438
A denial of service vulnerability exists in the way that the Microsoft Malware Protection Engine processes specially crafted files. An attacker could exploit the vulnerability by constructing a specially crafted file that could allow denial of service when received by the target computer system and scanned by the Microsoft Malware Protection Engine. An attacker who successfully exploited this vulnerability could cause disk-space exhaustion, leading to a denial of service condition and automatic restart.
CVE Information:
CVE-2008-1438
|
|
|
|
|
|
|
