Vulnerabilites related to microsoft - windows_live_onecare
cve-2008-1438
Vulnerability from cvelistv5
Published
2008-05-13 22:00
Modified
2024-08-07 08:24
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (disk space exhaustion) via a file with "crafted data structures" that trigger the creation of large temporary files, a different vulnerability than CVE-2008-1437.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/30172 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/29073 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id?1020016 | vdb-entry, x_refsource_SECTRACK | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14375 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.vupen.com/english/advisories/2008/1506/references | vdb-entry, x_refsource_VUPEN | |
| http://marc.info/?l=bugtraq&m=121129490723574&w=2 | vendor-advisory, x_refsource_HP | |
| http://www.us-cert.gov/cas/techalerts/TA08-134A.html | third-party-advisory, x_refsource_CERT | |
| http://marc.info/?l=bugtraq&m=121129490723574&w=2 | vendor-advisory, x_refsource_HP | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-029 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:41.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30172",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30172"
},
{
"name": "29073",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29073"
},
{
"name": "1020016",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020016"
},
{
"name": "oval:org.mitre.oval:def:14375",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14375"
},
{
"name": "ADV-2008-1506",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1506/references"
},
{
"name": "SSRT080071",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"name": "TA08-134A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-134A.html"
},
{
"name": "HPSBST02336",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"name": "MS08-029",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-029"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (disk space exhaustion) via a file with \"crafted data structures\" that trigger the creation of large temporary files, a different vulnerability than CVE-2008-1437."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "30172",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30172"
},
{
"name": "29073",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29073"
},
{
"name": "1020016",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020016"
},
{
"name": "oval:org.mitre.oval:def:14375",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14375"
},
{
"name": "ADV-2008-1506",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1506/references"
},
{
"name": "SSRT080071",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"name": "TA08-134A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-134A.html"
},
{
"name": "HPSBST02336",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"name": "MS08-029",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-029"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-1438",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (disk space exhaustion) via a file with \"crafted data structures\" that trigger the creation of large temporary files, a different vulnerability than CVE-2008-1437."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30172",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30172"
},
{
"name": "29073",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29073"
},
{
"name": "1020016",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020016"
},
{
"name": "oval:org.mitre.oval:def:14375",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14375"
},
{
"name": "ADV-2008-1506",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1506/references"
},
{
"name": "SSRT080071",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"name": "TA08-134A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-134A.html"
},
{
"name": "HPSBST02336",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"name": "MS08-029",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-029"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-1438",
"datePublished": "2008-05-13T22:00:00",
"dateReserved": "2008-03-21T00:00:00",
"dateUpdated": "2024-08-07T08:24:41.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-5270
Vulnerability from cvelistv5
Published
2007-02-13 20:00
Modified
2024-08-07 19:41
Severity ?
EPSS score ?
Summary
Integer overflow in the Microsoft Malware Protection Engine (mpengine.dll), as used by Windows Live OneCare, Antigen, Defender, and Forefront Security, allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-010 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/22479 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/31888 | vdb-entry, x_refsource_OSVDB | |
| http://www.us-cert.gov/cas/techalerts/TA07-044A.html | third-party-advisory, x_refsource_CERT | |
| http://www.kb.cert.org/vuls/id/511577 | third-party-advisory, x_refsource_CERT-VN | |
| http://secunia.com/advisories/24146 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id?1017636 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2007/0579 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:41:05.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS07-010",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-010"
},
{
"name": "22479",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22479"
},
{
"name": "31888",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/31888"
},
{
"name": "TA07-044A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"name": "VU#511577",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/511577"
},
{
"name": "24146",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24146"
},
{
"name": "1017636",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017636"
},
{
"name": "ADV-2007-0579",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0579"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the Microsoft Malware Protection Engine (mpengine.dll), as used by Windows Live OneCare, Antigen, Defender, and Forefront Security, allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MS07-010",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-010"
},
{
"name": "22479",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22479"
},
{
"name": "31888",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/31888"
},
{
"name": "TA07-044A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"name": "VU#511577",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/511577"
},
{
"name": "24146",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24146"
},
{
"name": "1017636",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017636"
},
{
"name": "ADV-2007-0579",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0579"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5270",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the Microsoft Malware Protection Engine (mpengine.dll), as used by Windows Live OneCare, Antigen, Defender, and Forefront Security, allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS07-010",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-010"
},
{
"name": "22479",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22479"
},
{
"name": "31888",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/31888"
},
{
"name": "TA07-044A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"name": "VU#511577",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/511577"
},
{
"name": "24146",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24146"
},
{
"name": "1017636",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017636"
},
{
"name": "ADV-2007-0579",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0579"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5270",
"datePublished": "2007-02-13T20:00:00",
"dateReserved": "2006-10-13T00:00:00",
"dateUpdated": "2024-08-07T19:41:05.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-0037
Vulnerability from cvelistv5
Published
2011-02-25 17:00
Modified
2024-08-06 21:43
Severity ?
EPSS score ?
Summary
Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.microsoft.com/technet/security/advisory/2491888.mspx | x_refsource_CONFIRM | |
| http://secunia.com/advisories/43468 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/46540 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2011/0486 | vdb-entry, x_refsource_VUPEN | |
| http://securitytracker.com/id?1025117 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/65626 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:43:15.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.microsoft.com/technet/security/advisory/2491888.mspx"
},
{
"name": "43468",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43468"
},
{
"name": "46540",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46540"
},
{
"name": "ADV-2011-0486",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0486"
},
{
"name": "1025117",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025117"
},
{
"name": "ms-malware-engine-priv-esc(65626)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65626"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.microsoft.com/technet/security/advisory/2491888.mspx"
},
{
"name": "43468",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43468"
},
{
"name": "46540",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46540"
},
{
"name": "ADV-2011-0486",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0486"
},
{
"name": "1025117",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025117"
},
{
"name": "ms-malware-engine-priv-esc(65626)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65626"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-0037",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.microsoft.com/technet/security/advisory/2491888.mspx",
"refsource": "CONFIRM",
"url": "http://www.microsoft.com/technet/security/advisory/2491888.mspx"
},
{
"name": "43468",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43468"
},
{
"name": "46540",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46540"
},
{
"name": "ADV-2011-0486",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0486"
},
{
"name": "1025117",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025117"
},
{
"name": "ms-malware-engine-priv-esc(65626)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65626"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2011-0037",
"datePublished": "2011-02-25T17:00:00",
"dateReserved": "2010-12-10T00:00:00",
"dateUpdated": "2024-08-06T21:43:15.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-1437
Vulnerability from cvelistv5
Published
2008-05-13 22:00
Modified
2024-08-07 08:24
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (engine hang and restart) via a crafted file, a different vulnerability than CVE-2008-1438.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/30172 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id?1020016 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/29060 | vdb-entry, x_refsource_BID | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13981 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.vupen.com/english/advisories/2008/1506/references | vdb-entry, x_refsource_VUPEN | |
| http://marc.info/?l=bugtraq&m=121129490723574&w=2 | vendor-advisory, x_refsource_HP | |
| http://www.us-cert.gov/cas/techalerts/TA08-134A.html | third-party-advisory, x_refsource_CERT | |
| http://marc.info/?l=bugtraq&m=121129490723574&w=2 | vendor-advisory, x_refsource_HP | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-029 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:42.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30172",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30172"
},
{
"name": "1020016",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020016"
},
{
"name": "29060",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29060"
},
{
"name": "oval:org.mitre.oval:def:13981",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13981"
},
{
"name": "ADV-2008-1506",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1506/references"
},
{
"name": "SSRT080071",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"name": "TA08-134A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-134A.html"
},
{
"name": "HPSBST02336",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"name": "MS08-029",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-029"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (engine hang and restart) via a crafted file, a different vulnerability than CVE-2008-1438."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "30172",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30172"
},
{
"name": "1020016",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020016"
},
{
"name": "29060",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29060"
},
{
"name": "oval:org.mitre.oval:def:13981",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13981"
},
{
"name": "ADV-2008-1506",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1506/references"
},
{
"name": "SSRT080071",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"name": "TA08-134A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-134A.html"
},
{
"name": "HPSBST02336",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"name": "MS08-029",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-029"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-1437",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (engine hang and restart) via a crafted file, a different vulnerability than CVE-2008-1438."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30172",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30172"
},
{
"name": "1020016",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020016"
},
{
"name": "29060",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29060"
},
{
"name": "oval:org.mitre.oval:def:13981",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13981"
},
{
"name": "ADV-2008-1506",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1506/references"
},
{
"name": "SSRT080071",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"name": "TA08-134A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-134A.html"
},
{
"name": "HPSBST02336",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"name": "MS08-029",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-029"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-1437",
"datePublished": "2008-05-13T22:00:00",
"dateReserved": "2008-03-21T00:00:00",
"dateUpdated": "2024-08-07T08:24:42.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2008-05-13 22:20
Modified
2024-11-21 00:44
Severity ?
Summary
Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (disk space exhaustion) via a file with "crafted data structures" that trigger the creation of large temporary files, a different vulnerability than CVE-2008-1437.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:antigen_for_exchange:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABC4C839-B772-44EB-BD55-7477FFD73C69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:antigen_for_smtp_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B3A3CB-9A6C-4FC6-BF90-003D8A9FC3D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:diagnostics_and_recovery_toolkit:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "166B173E-90D5-4DBF-AD6F-3C804687CB38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:forefront_client_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "769D4056-0E25-4A0A-B0E7-265AC188053A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:forefront_security_for_exchange_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B50C829-EFB4-4C5D-B1F2-871F3EE7B5C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:forefront_security_for_sharepoint:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACFC59CB-6211-49DD-B833-B00D3CE53A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:malware_protection_engine:0.1.13.192:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEA6F8E-1A38-47FC-891C-326EAA8A9F6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:malware_protection_engine:1.1.3520.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A6EFC0F5-EB5E-4D34-9B8B-5C60CCC32D70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:windows_defender:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A458632B-D1AE-4643-A8F0-4295B506E341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:windows_live_onecare:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4109D8E8-A385-4098-A983-FCF5F69CCD1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (disk space exhaustion) via a file with \"crafted data structures\" that trigger the creation of large temporary files, a different vulnerability than CVE-2008-1437."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en la M\u00e1quina de Protecci\u00f3n de Malware de Microsoft (mpengine.dll) versiones 1.1.3520.0 y 0.1.13.192, tal y como se usa en m\u00faltiples productos de Microsoft, permite a atacantes seg\u00fan contexto provocar una denegaci\u00f3n de Servicio (agotamiento de espacio en disco) a trav\u00e9s de \u201cestructuras de datos manipuladas\u201d que provocan la creaci\u00f3n de ficheros grandes temporales, una vulnerabilidad diferente a la CVE-2008-1438."
}
],
"id": "CVE-2008-1438",
"lastModified": "2024-11-21T00:44:31.840",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-05-13T22:20:00.000",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"source": "secure@microsoft.com",
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30172"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/29073"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1020016"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-134A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2008/1506/references"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-029"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14375"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-134A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1506/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14375"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-02-25 18:00
Modified
2024-11-21 01:23
Severity ?
Summary
Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | forefront_client_security | * | |
| microsoft | forefront_endpoint_protection_2010 | - | |
| microsoft | malicious_software_removal_tool | * | |
| microsoft | malware_protection_engine | * | |
| microsoft | malware_protection_engine | 0.1.13.192 | |
| microsoft | malware_protection_engine | 1.1.3520.0 | |
| microsoft | security_essentials | * | |
| microsoft | windows_defender | * | |
| microsoft | windows_live_onecare | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:forefront_client_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "769D4056-0E25-4A0A-B0E7-265AC188053A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:forefront_endpoint_protection_2010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43383FAA-0CD9-4D86-B957-814FE226D1E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:malicious_software_removal_tool:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEAB4CCB-8116-45EC-A261-D16A168C7198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:malware_protection_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F718BB5E-D0EA-497D-9085-C4462C029E37",
"versionEndIncluding": "1.1.6502.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:malware_protection_engine:0.1.13.192:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEA6F8E-1A38-47FC-891C-326EAA8A9F6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:malware_protection_engine:1.1.3520.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A6EFC0F5-EB5E-4D34-9B8B-5C60CCC32D70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:security_essentials:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3151D41-960B-4A4B-8585-07B1DCFEA454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:windows_defender:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A458632B-D1AE-4643-A8F0-4295B506E341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:windows_live_onecare:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4109D8E8-A385-4098-A983-FCF5F69CCD1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key."
},
{
"lang": "es",
"value": "Microsoft Malware Protection Engine anterior a v1.1.6603.0, tal como se utiliz\u00f3 en Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, y Windows Live OneCare, permite a usuarios locales conseguir privilegios a trav\u00e9s de un valor manipulado de una clave de registro de usuario sin especificar"
}
],
"id": "CVE-2011-0037",
"lastModified": "2024-11-21T01:23:10.450",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-02-25T18:00:01.213",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43468"
},
{
"source": "secure@microsoft.com",
"url": "http://securitytracker.com/id?1025117"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.microsoft.com/technet/security/advisory/2491888.mspx"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/46540"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0486"
},
{
"source": "secure@microsoft.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65626"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43468"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1025117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.microsoft.com/technet/security/advisory/2491888.mspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/46540"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0486"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65626"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-05-13 22:20
Modified
2024-11-21 00:44
Severity ?
Summary
Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (engine hang and restart) via a crafted file, a different vulnerability than CVE-2008-1438.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:antigen_for_exchange:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABC4C839-B772-44EB-BD55-7477FFD73C69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:antigen_for_smtp_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B3A3CB-9A6C-4FC6-BF90-003D8A9FC3D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:diagnostics_and_recovery_toolkit:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "166B173E-90D5-4DBF-AD6F-3C804687CB38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:forefront_client_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "769D4056-0E25-4A0A-B0E7-265AC188053A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:forefront_security_for_exchange_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B50C829-EFB4-4C5D-B1F2-871F3EE7B5C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:forefront_security_for_sharepoint:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACFC59CB-6211-49DD-B833-B00D3CE53A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:malware_protection_engine:0.1.13.192:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEA6F8E-1A38-47FC-891C-326EAA8A9F6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:malware_protection_engine:1.1.3520.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A6EFC0F5-EB5E-4D34-9B8B-5C60CCC32D70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:windows_defender:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A458632B-D1AE-4643-A8F0-4295B506E341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:windows_live_onecare:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4109D8E8-A385-4098-A983-FCF5F69CCD1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (engine hang and restart) via a crafted file, a different vulnerability than CVE-2008-1438."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en la M\u00e1quina de Protecci\u00f3n de Malware de Microsoft (mpengine.dll) versiones 1.1.3520.0 y 0.1.13.192, tal y como se usa en m\u00faltiples productos de Microsoft, permite a atacantes seg\u00fan contexto provocar una denegaci\u00f3n de servicio (cuelgue del equipo y reinicio) a trav\u00e9s de un archivo manipulado, una vulnerabilidad diferente a la CVE-2008-1438."
}
],
"id": "CVE-2008-1437",
"lastModified": "2024-11-21T00:44:31.733",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-05-13T22:20:00.000",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"source": "secure@microsoft.com",
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30172"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/29060"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1020016"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-134A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2008/1506/references"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-029"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13981"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29060"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-134A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1506/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13981"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-02-13 20:28
Modified
2024-11-21 00:18
Severity ?
Summary
Integer overflow in the Microsoft Malware Protection Engine (mpengine.dll), as used by Windows Live OneCare, Antigen, Defender, and Forefront Security, allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | antigen | * | |
| microsoft | forefront_security | * | |
| microsoft | malware_protection_engine | * | |
| microsoft | windows_defender | * | |
| microsoft | windows_live_onecare | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:antigen:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9567D1AD-0F12-47B7-9CC1-305840ACFCE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:forefront_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0CE4B3B9-9C17-49A4-A957-53855F4F2870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:malware_protection_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4932C7CD-A5A9-4551-A0B2-73D313BA2960",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:windows_defender:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A458632B-D1AE-4643-A8F0-4295B506E341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:windows_live_onecare:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4109D8E8-A385-4098-A983-FCF5F69CCD1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the Microsoft Malware Protection Engine (mpengine.dll), as used by Windows Live OneCare, Antigen, Defender, and Forefront Security, allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file."
},
{
"lang": "es",
"value": "Desbordamiento de entero en el Motor de Protecci\u00f3n de Malware de Microsoft (mpengine.dll), como el usado en Windows Live OneCare, Antigen, Defender, y Forefront Security, permite a atacantes remotos con la complicidad del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante un fichero PDF artesanal."
}
],
"id": "CVE-2006-5270",
"lastModified": "2024-11-21T00:18:33.377",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-02-13T20:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/24146"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/511577"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/31888"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22479"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017636"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/0579"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24146"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/511577"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/31888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22479"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017636"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-010"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}