| VID |
26260 |
| Severity |
20 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The hotfix (MS07-010, 932135) for 'Vulnerability in Microsoft Malware Protection Engine' has not been applied. Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, and Vista could allow a remote attacker to execute arbitrary code on a vulnerable system, caused due to an integer overflow error in the Microsoft Malware Protection Engine (mpengine.dll) when processing a specially crafted PDF file. By sending an email containing a specially-crafted PDF file to a system being protected by a vulnerable application, a remote attacker could execute arbitrary code on the system.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.microsoft.com/technet/security/bulletin/ms07-010.mspx
http://www.kb.cert.org/vuls/id/511577
http://www.securitytracker.com/id?1017636
http://secunia.com/advisories/24146
http://www.frsirt.com/english/advisories/2007/0579
* Platforms Affected:
Microsoft Live OneCare Any version
Microsoft Antigen for Exchange Server 9.x
Microsoft Antigen for SMTP Server 9.x
Microsoft Forefront Security Exchange 10
Microsoft Forefront Security SharePoint 10
Microsoft Windows Defender Any version
Microsoft Windows Defender for Vista Any version
Microsoft Windows Defender x64 Edition Any version
Microsoft Windows Live Messenger Any version
Microsoft Windows Live Safety Center Any version
Microsoft Windows 2000 SP4
Microsoft Windows XP SP2
Microsoft Windows Server 2003 SP1
Microsoft Windows Vista |
| Recommendation |
Apply the appropriate patch (932135) for your system, as listed in Microsoft Security Bulletin MS07-010 at http://www.microsoft.com/technet/security/bulletin/ms07-010.mspx
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com . Windows Update detects what version of Windows you are running and offers the appropriate patch. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
