| VID |
26347 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The hotfix (MS08-029, 952044) for 'Vulnerabilities in Microsoft Malware Protection Engine' has not been applied. Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192 are vulnerable to a denial of service vulnerability, caused by a bug in the file handling routine. An attacker could exploit this vulnerability by constructing a specially-crafted file that could allow denial of service when received by the target computer system and scanned by the Microsoft Malware Protection Engine. An attacker who successfully exploited this vulnerability could cause the Microsoft Malware Protection Engine to stop responding and automatically restart.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.microsoft.com/technet/security/bulletin/ms08-029.mspx
http://www.us-cert.gov/cas/techalerts/TA08-134A.html
http://www.frsirt.com/english/advisories/2008/1506
http://www.securitytracker.com/id?1020016
http://secunia.com/advisories/30172
* Platforms Affected:
Microsoft Antigen for Exchange
Microsoft Antigen for SMTP Gateway
Microsoft Forefront Client Security
Microsoft Forefront Edge Server
Microsoft Forefront Security for Exchange Server
Microsoft Forefront Security for SharePoint
Microsoft Standalone System Sweeper located in Diagnostics and Recovery Toolset 6.0
Microsoft Windows Defender
Microsoft Windows Live OneCare |
| Recommendation |
Apply the appropriate patch (952044) for your system, as listed in Microsoft Security Bulletin MS08-029 at http://www.microsoft.com/technet/security/bulletin/ms08-029.mspx
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com . Windows Update detects what version of Windows you are running and offers the appropriate patch. |
| Related URL |
CVE-2005-0944,CVE-2007-6026 (CVE) |
| Related URL |
12960,26468 (SecurityFocus) |
| Related URL |
38499,41380 (ISS) |
|
