CVE-2008-1438

2008-05-1322:20:00

CWE-399

[email protected]

web.nvd.nist.gov

cve-2008-1438

microsoft malware protection engine

denial of service

crafted data structures

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6 Medium

AI Score

Confidence

Low

0.86 High

EPSS

Percentile

98.6%

JSON

Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (disk space exhaustion) via a file with “crafted data structures” that trigger the creation of large temporary files, a different vulnerability than CVE-2008-1437.

Affected configurations

NVD

Node

microsoftantigen_for_exchange

microsoftantigen_for_smtp_gateway

microsoftdiagnostics_and_recovery_toolkitMatch6.0

microsoftforefront_client_security

microsoftforefront_security_for_exchange_server

microsoftforefront_security_for_sharepoint

microsoftmalware_protection_engineMatch0.1.13.192

microsoftmalware_protection_engineMatch1.1.3520.0

microsoftwindows_defender

microsoftwindows_live_onecare

CPENameOperatorVersion
microsoft:antigen_for_exchangemicrosoft antigen for exchangeeq*
microsoft:antigen_for_smtp_gatewaymicrosoft antigen for smtp gatewayeq*
microsoft:diagnostics_and_recovery_toolkitmicrosoft diagnostics and recovery toolkiteq6.0
microsoft:forefront_client_securitymicrosoft forefront client securityeq*
microsoft:forefront_security_for_exchange_servermicrosoft forefront security for exchange servereq*
microsoft:forefront_security_for_sharepointmicrosoft forefront security for sharepointeq*
microsoft:malware_protection_enginemicrosoft malware protection engineeq0.1.13.192
microsoft:malware_protection_enginemicrosoft malware protection engineeq1.1.3520.0
microsoft:windows_defendermicrosoft windows defendereq*
microsoft:windows_live_onecaremicrosoft windows live onecareeq*

CPE	Name	Operator	Version
microsoft:antigen_for_exchange	microsoft antigen for exchange	eq	*
microsoft:antigen_for_smtp_gateway	microsoft antigen for smtp gateway	eq	*
microsoft:diagnostics_and_recovery_toolkit	microsoft diagnostics and recovery toolkit	eq	6.0
microsoft:forefront_client_security	microsoft forefront client security	eq	*
microsoft:forefront_security_for_exchange_server	microsoft forefront security for exchange server	eq	*
microsoft:forefront_security_for_sharepoint	microsoft forefront security for sharepoint	eq	*
microsoft:malware_protection_engine	microsoft malware protection engine	eq	0.1.13.192
microsoft:malware_protection_engine	microsoft malware protection engine	eq	1.1.3520.0
microsoft:windows_defender	microsoft windows defender	eq	*
microsoft:windows_live_onecare	microsoft windows live onecare	eq	*