[NT] Vulnerabilities in Microsoft Malware Protection Engine Allow Denial of Service (MS08-029)



The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com



Vulnerabilities in Microsoft Malware Protection Engine Allow Denial of
Service (MS08-029)
------------------------------------------------------------------------


SUMMARY

This security update resolves two privately reported vulnerabilities in
the Microsoft Malware Protection Engine. An attacker could exploit either
of the vulnerabilities by constructing a specially crafted file that could
allow denial of service when received by the target computer system and
scanned by the Microsoft Malware Protection Engine. An attacker who
successfully exploited either vulnerability could cause the Microsoft
Malware Protection Engine to stop responding and automatically restart.

The Microsoft Malware Protection Engine is a part of several Microsoft
products. Depending upon which product is installed, this security update
has different severity ratings. This security update is rated Moderate for
Windows Live OneCare, Microsoft Antigen for Exchange, Microsoft Antigen
for SMTP Gateway, Microsoft Windows Defender, Microsoft Forefront Client
Security, Microsoft Forefront Security for Exchange Server and Microsoft
Forefront Security for SharePoint. This security update is rated Low for
Standalone System Sweeper located in Diagnostics and Recovery Toolset 6.
For more information, see the subsection, Affected and Non-Affected
Software, in this section.

DETAILS

Affected Software:
* Windows Live OneCare - Denial of Service - Moderate
* Microsoft Antigen for Exchange - Denial of Service - Moderate
* Microsoft Antigen for SMTP Gateway - Denial of Service - Moderate
* Microsoft Windows Defender - Denial of Service - Moderate
* Microsoft Forefront Client Security - Denial of Service - Moderate
* Microsoft Forefront Security for Exchange Server - Denial of Service -
Moderate
* Microsoft Forefront Security for SharePoint - Denial of Service -
Moderate
* Standalone System Sweeper located in Diagnostics and Recovery Toolset
6.0 - Denial of Service - Low

Microsoft Malware Protection Engine Vulnerability - CVE-2008-1437
A denial of service vulnerability exists in the way that the Microsoft
Malware Protection Engine processes specially crafted files. An attacker
could exploit the vulnerability by constructing a specially crafted file
that could allow denial of service when received by the target computer
system and scanned by the Microsoft Malware Protection Engine. An attacker
who successfully exploited this vulnerability could cause the Microsoft
Malware Protection Engine to stop responding and automatically restart.

CVE Information:
CVE-2008-1437 <http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1437>

Microsoft Malware Protection Engine Vulnerability - CVE-2008-1438
A denial of service vulnerability exists in the way that the Microsoft
Malware Protection Engine processes specially crafted files. An attacker
could exploit the vulnerability by constructing a specially crafted file
that could allow denial of service when received by the target computer
system and scanned by the Microsoft Malware Protection Engine. An attacker
who successfully exploited this vulnerability could cause disk-space
exhaustion, leading to a denial of service condition and automatic
restart.

CVE Information:
CVE-2008-1438 <http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1438>


ADDITIONAL INFORMATION

The information has been provided by Microsoft Product Security.
The original article can be found at:
http://www.microsoft.com/technet/security/Bulletin/MS08-029.mspx


