CERT-In Vulnerability Note CIVN-2008-59
Microsoft Malware Protection Engine Input Validation Vulnerability

Original Issue Date: May 14, 2008

Severity Rating: Medium

System Affected

  • Windows Live OneCare prior to engine version 1.1.3520.0
  • Microsoft Antigen for Exchange prior to engine version 0.1.13.192
  • Microsoft Antigen for SMTP Gateway prior to engine version 0.1.13.192
  • Microsoft Windows Defender prior to engine version 1.1.3520.0
  • Microsoft Forefront Client Security prior to engine version 1.1.3520.0
  • Microsoft Forefront Security for Exchange Server prior to engine version 0.1.13.192
  • Microsoft Forefront Security for SharePoint prior to engine version 0.1.13.192
  • Standalone System Sweeper located in Diagnostics and Recovery Toolset 6.0 prior to engine version 1.1.3520.0

Overview

Two vulnerabilities have been reported in the Microsoft Malware Protection Engine. These vulnerabilities can cause the engine to stop responding and automatically restart, leading to a denial of service.

Description

The Malware Protection Engine (mpengine.dll) provides scanning, detection, and cleaning capability for Microsoft antivirus and antispyware products.

The Microsoft Malware Protection Engine contains two vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition.

The vulnerability is due to improper validation of input within specially crafted PE files. An attacker could exploit the vulnerability by sending a specially crafted file to a system utilizing a product that leverages the Microsoft Malware Protection Engine. When a crafted file is processed, it may cause the affected system to hang or restart, resulting in a DoS condition.

1. PE Parsing Memory Corruption (CVE-2008-1437)

An unspecified error exists in the Malware Protection Engine, which does not properly validate input when parsing specially crafted PE files. This could be exploited to cause the Microsoft Malware Protection Engine to stop responding and automatically restart.

2. PE Parsing Disk Space DoS (CVE-2008-1438)

An unspecified error exists in the Malware Protection Engine, which does not properly validate certain data structures when parsing specially crafted PE files. This can be exploited to fill up a system's disk space, leading to a denial of service condition.

Solution

Apply appropriate patches as mentioned in Microsoft Security Bulletin MS08-029.
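
To confirm which systems still need the update, engine versions from an inventory can be compared against the fixed versions listed under System Affected. The following is an added example, not part of the original note or any Microsoft tooling; the CSV column names (host, product, engine_version) and the sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Fixed engine versions as listed under "System Affected" in this note.
FIXED_ENGINE = {
    "Windows Live OneCare": "1.1.3520.0",
    "Microsoft Antigen for Exchange": "0.1.13.192",
    "Microsoft Antigen for SMTP Gateway": "0.1.13.192",
    "Microsoft Windows Defender": "1.1.3520.0",
    "Microsoft Forefront Client Security": "1.1.3520.0",
    "Microsoft Forefront Security for Exchange Server": "0.1.13.192",
    "Microsoft Forefront Security for SharePoint": "0.1.13.192",
    "Standalone System Sweeper": "1.1.3520.0",
}

def parse_version(text):
    """Turn '1.1.3520.0' into (1, 1, 3520, 0); compare numerically, not as strings."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part engine version: {text!r}")
    return tuple(int(p) for p in parts)

def triage(inventory_csv):
    """Return {host: status} where status is 'vulnerable', 'fixed', or 'unknown'."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        fixed = FIXED_ENGINE.get(row["product"].strip())
        try:
            installed = parse_version(row["engine_version"])
        except ValueError:
            fixed = None  # unreadable version: needs manual review
        if fixed is None:
            results[row["host"]] = "unknown"
        elif installed < parse_version(fixed):
            results[row["host"]] = "vulnerable"
        else:
            results[row["host"]] = "fixed"
    return results

# Constructed sample inventory (hosts and versions are made up for illustration).
SAMPLE = """host,product,engine_version
ws-01,Microsoft Windows Defender,1.1.3007.0
ws-02,Microsoft Windows Defender,1.1.3520.0
ws-03,Microsoft Windows Defender,1.1.10000.0
mx-01,Microsoft Antigen for Exchange,0.1.13.100
sp-01,Microsoft Forefront Security for SharePoint,0.1.13.192
ws-04,Windows Live OneCare,unknown
"""
```

Calling triage(SAMPLE) returns one status per host. A plain string comparison would wrongly flag ws-03, since "1.1.10000.0" sorts before "1.1.3520.0" as text.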


Vendor Information

Microsoft
http://www.microsoft.com/technet/security/bulletin/ms08-029.mspx

References

US-CERT
http://www.kb.cert.org/vuls/id/543907

SecurityFocus
http://www.securityfocus.com/bid/29060
http://www.securityfocus.com/bid/29073

Secunia
http://secunia.com/advisories/30172

FrSIRT
http://www.frsirt.com/english/advisories/2008/1506/references

SecurityTracker
http://www.securitytracker.com/id?1020016

CVE-Name
CVE-2008-1438
CVE-2008-1437

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003