A vulnerability in the way Microsoft Malware Protection Engine processes PDF files may lead to execution of arbitrary code.
Microsoft Malware Protection Engine contains a vulnerability that could be exploited when it attempts to process specially crafted PDF files. According to Microsoft Security Bulletin MS07-010, an integer overflow vulnerability exists in the way that the Microsoft Malware Protection Engine processes Portable Document Format (PDF) files. An attacker with the ability to supply a specially crafted PDF file could exploit this vulnerability.
Note that according to Microsoft the Malware Protection Engine is a coponent of the following:
A remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial-of-service condition.
UpdateMicrosoft has released an update to address this issue. See Microsoft Security Bulletin MS07-010 for more details.
This vulnerability was reported in Microsoft Security Bulletin ms07-10. Microsoft credits Neel Mehta and Alex Wheeler of ISS X-Force for reporting this issue.
This document was written by Chris Taschner.
|Date First Published:||2007-02-20|
|Date Last Updated:||2007-02-23 13:53 UTC|