[LINK] vista security security flaws

Kim Holburn kim.holburn at gmail.com
Thu Feb 15 22:16:05 AEDT 2007


http://www.theinquirer.net/default.aspx?article=37629

> MS malware engine vulnerable to malware
>
> You couldn't make it up
>
> By Andrew Thomas: Wednesday 14 February 2007, 15:09
> OH DEAR, OH DEAR. If there was one piece of software you'd expect  
> to be secure from malware attacks it would have to be malware  
> protection software itself. Sadly, this is not the case with  
> Microsoft Defender, the software giant's all-singing, all-dancing  
> user security package.
>
> According to security bulletin CVE-2006-5270 - Microsoft Malware  
> Protection Engine Vulnerability, Integer overflow in the Microsoft  
> Malware Protection Engine (mpengine.dll), as used by Windows Live  
> OneCare, Antigen, Defender, and Forefront Security, allows  
> user-assisted remote attackers to execute arbitrary code via a PDF file.  
> All the following are at risk of remote code execution:
>
> Windows Live OneCare
> Microsoft Antigen for Exchange 9.x
> Microsoft Antigen for SMTP Gateway 9.x
> Microsoft Windows Defender
> Microsoft Windows Defender x64 Edition
> Microsoft Windows Defender in Windows Vista
> Microsoft Forefront Security for Exchange Server
> Microsoft Forefront Security for SharePoint
>
> According to the bulletin – rated 'critical' – a remote code  
> execution vulnerability exists in the Microsoft Malware Protection  
> Engine because of the way that it parses Portable Document Format  
> (PDF) files. An attacker could exploit the vulnerability by  
> constructing a specially crafted PDF File that could potentially  
> allow remote code execution when the target computer system  
> receives, and the Microsoft Malware Protection Engine scans, the  
> PDF file.
>
> To have one insecure security product could be seen as unlucky; to  
> have eight looks a bit like carelessness. µ


--
Kim Holburn
IT Network & Security Consultant
Ph: +39 06 855 4294  M: +39 3342707610
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request

Democracy imposed from without is the severest form of tyranny.
                           -- Lloyd Biggle, Jr. Analog, Apr 1961






