search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Microsoft Malware Protection Engine fails to properly process a specially crafted PDF File

Vulnerability Note VU#511577

Original Release Date: 2007-02-20 | Last Revised: 2007-02-23


A vulnerability in the way Microsoft Malware Protection Engine processes PDF files may lead to execution of arbitrary code.


Microsoft Malware Protection Engine contains a vulnerability that could be exploited when it attempts to process specially crafted PDF files. According to Microsoft Security Bulletin MS07-010, an integer overflow vulnerability exists in the way that the Microsoft Malware Protection Engine processes Portable Document Format (PDF) files. An attacker with the ability to supply a specially crafted PDF file could exploit this vulnerability.

Note that according to Microsoft the Malware Protection Engine is a coponent of the following:

    • Windows Live OneCare
    • Microsoft Antigen for Exchange 9.x
    • Microsoft Antigen for SMTP Gateway 9.x
    • Microsoft Windows Defender
    • Microsoft Windows Defender x64 Edition
    • Microsoft Windows Defender in Windows Vista
    • Microsoft Forefront Security for Exchange Server
    • Microsoft Forefront Security for SharePoint


A remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial-of-service condition.


UpdateMicrosoft has released an update to address this issue. See Microsoft Security Bulletin MS07-010 for more details.

Vendor Information


Microsoft Corporation Affected

Updated:  February 20, 2007



Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


Refer to Microsoft Security Bulletin MS07-010.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CVSS Metrics

Group Score Vector



This vulnerability was reported in Microsoft Security Bulletin ms07-10. Microsoft credits Neel Mehta and Alex Wheeler of ISS X-Force for reporting this issue.

This document was written by Chris Taschner.

Other Information

CVE IDs: CVE-2006-5270
Severity Metric: 25.65
Date Public: 2007-02-13
Date First Published: 2007-02-20
Date Last Updated: 2007-02-23 13:53 UTC
Document Revision: 15

Sponsored by CISA.