Overview
A vulnerability in the way Microsoft Malware Protection Engine processes PDF files may lead to execution of arbitrary code.
Description
Microsoft Malware Protection Engine contains a vulnerability that could be exploited when it attempts to process specially crafted PDF files. According to Microsoft Security Bulletin MS07-010, an integer overflow vulnerability exists in the way that the Microsoft Malware Protection Engine processes Portable Document Format (PDF) files. An attacker with the ability to supply a specially crafted PDF file could exploit this vulnerability. Note that according to Microsoft the Malware Protection Engine is a coponent of the following:
|
Impact
A remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial-of-service condition. |
Solution
UpdateMicrosoft has released an update to address this issue. See Microsoft Security Bulletin MS07-010 for more details. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
This vulnerability was reported in Microsoft Security Bulletin ms07-10. Microsoft credits Neel Mehta and Alex Wheeler of ISS X-Force for reporting this issue.
This document was written by Chris Taschner.
Other Information
| CVE IDs: | CVE-2006-5270 |
| Severity Metric: | 25.65 |
| Date Public: | 2007-02-13 |
| Date First Published: | 2007-02-20 |
| Date Last Updated: | 2007-02-23 13:53 UTC |
| Document Revision: | 15 |