Content

(MS07-010) Microsoft Antivirus Engine Vulnerability (932135)

Type
Logic error
Impact of exploitation
Remote Code Execution
User Interaction
no user interaction is needed
Attack Vector
Maliciously Crafted File
Rating
High
CVE reference
CVE-2006-5270,
Vendor Status
Responded and patched
Vulnerable systems
Windows XP  SP2,
Vista  SP0,
Internet Explorer  6,
Internet Explorer  7,
Windows 2003  SP0 - SP1,
Windows 2000  SP4,
Microsoft Exchange Server  2003,
Microsoft Exchange Server  2000,
Windows Live OneCare  Online,
Antigen  9.X,
Windows Defender  Current,
Windows Defender  x64 Edition,
Microsoft Forefront Security for Exchange Server  1.X,
Microsoft Forefront Security for SharePoint Server  1.X,
Summary
A vulnerability in Microsoft Antivirus may allow for remote code execution.

Tab Navigation

Description

Microsoft Antivirus is an antivirus scanner developed by Microsoft. It is used by Microsoft Windows Live OneCare, Microsoft Windows Defender, and Microsoft Forefront Security. A vulnerability in Microsoft Antivirus may allow for remote code execution. The vulnerability lies in the parsing of Portable Document Format (PDF) files. A specially crafted PDF file scanned by Microsoft Antivirus would cause an integer overflow.

McAfee Product Mitigation & Recommendations

Recommendations

Download and install the patch available from Microsoft (932135): http://www.microsoft.com/technet/security/Bulletin/MS07-010.mspx

McAfee Product Mitigation

McAfee Foundstone

This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.

Signature:
(MS07-010) Microsoft Antivirus Engine Vulnerability (932135)
Signature identifier:
4936
Release date:
2/13/2007
First released in:
McAfee Intrushield

This signature provides coverage for this vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.

Signature:
Microsoft Antivirus Engine Vulnerability
Signature identifier:
0x40232500
Release date:
2/13/2007
First released in:
sigset 3.1.31

Additional Resources

Microsoft Security Bulletin MS07-010: Vulnerability in Microsoft Antivirus Engine Could Allow Remote Code Execution (932135)

http://www.microsoft.com/technet/security/Bulletin/MS07-010.mspx

All Information

Timeline -

2/13/2007

Vendor has provided a patch.

Description -

Microsoft Antivirus is an antivirus scanner developed by Microsoft. It is used by Microsoft Windows Live OneCare, Microsoft Windows Defender, and Microsoft Forefront Security. A vulnerability in Microsoft Antivirus may allow for remote code execution. The vulnerability lies in the parsing of Portable Document Format (PDF) files. A specially crafted PDF file scanned by Microsoft Antivirus would cause an integer overflow.

McAfee Product Mitigation & Recommendations

Recommendations -

Download and install the patch available from Microsoft (932135): http://www.microsoft.com/technet/security/Bulletin/MS07-010.mspx

McAfee Product Mitigation

McAfee Foundstone

This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.

Signature:
(MS07-010) Microsoft Antivirus Engine Vulnerability (932135)
Signature identifier:
4936
Release date:
2/13/2007
First released in:
McAfee Intrushield

This signature provides coverage for this vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.

Signature:
Microsoft Antivirus Engine Vulnerability
Signature identifier:
0x40232500
Release date:
2/13/2007
First released in:
sigset 3.1.31

Additional Resources

Additional Resources -

Microsoft Security Bulletin MS07-010: Vulnerability in Microsoft Antivirus Engine Could Allow Remote Code Execution (932135)

http://www.microsoft.com/technet/security/Bulletin/MS07-010.mspx