9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.586 Medium
EPSS
Percentile
97.7%
A vulnerability in the way Microsoft Malware Protection Engine processes PDF files may lead to execution of arbitrary code.
Microsoft Malware Protection Engine contains a vulnerability that could be exploited when it attempts to process specially crafted PDF files. According to Microsoft Security Bulletin MS07-010, an integer overflow vulnerability exists in the way that the Microsoft Malware Protection Engine processes Portable Document Format (PDF) files. An attacker with the ability to supply a specially crafted PDF file could exploit this vulnerability.
Note that according to Microsoft the Malware Protection Engine is a coponent of the following:
* Windows Live OneCare
* Microsoft Antigen for Exchange 9.x
* Microsoft Antigen for SMTP Gateway 9.x
* Microsoft Windows Defender
* Microsoft Windows Defender x64 Edition
* Microsoft Windows Defender in Windows Vista
* Microsoft Forefront Security for Exchange Server
* Microsoft Forefront Security for SharePoint
A remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial-of-service condition.
UpdateMicrosoft has released an update to address this issue. See Microsoft Security Bulletin MS07-010 for more details.
511577
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: February 20, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Refer to Microsoft Security Bulletin MS07-010.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23511577 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This vulnerability was reported in Microsoft Security Bulletin ms07-10. Microsoft credits Neel Mehta and Alex Wheeler of ISS X-Force for reporting this issue.
This document was written by Chris Taschner.
CVE IDs: | CVE-2006-5270 |
---|---|
Severity Metric: | 25.65 Date Public: |