Microsoft Malware Protection Engine PDF File Parsing Remote Code Execution

2007-02-13T16:03:53
ID OSVDB:31888
Type osvdb
Reporter Alex Wheeler(advisories@hustlelabs.com), Neel Mehta()
Modified 2007-02-13T16:03:53

Description

Vulnerability Description

A local overflow exists in the Malware Protection Engine. mpengine.dll fails to validate PDF files, resulting in an integer overflow. With a specially crafted file, an attacker can cause arbitrary code execution, resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

References:

Vendor URL: http://www.microsoft.com
Vendor Specific Advisory URL
Security Tracker: 1017636
Secunia Advisory ID: 24146
Microsoft Security Bulletin: MS07-010
Microsoft Knowledge Base Article: 932135
FrSIRT Advisory: ADV-2007-0579
CVE-2006-5270
Bugtraq ID: 22479