Denial of Service Vulnerability in Microsoft Malware Protection Engine
CVE-2008-1438

Currently unrated

Key Information:

Vendor: Microsoft
Status: Forefront Client Security; Windows Defender; Forefront Security For Exchange Server; Antigen For Exchange
Vendor: CVE Published:; 13 May 2008

Summary

The Microsoft Malware Protection Engine contains an unspecified vulnerability that can lead to a denial of service situation. Attackers can exploit this flaw by submitting specially crafted files, which result in the creation of oversized temporary files and ultimately exhaust disk space. This affects various Microsoft products relying on the mpengine.dll, compromising their operational stability.

References

http://secunia.com/advisories/30172

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/29073

vdb-entryx_refsource_BID

http://www.securitytracker.com/id?1020016

vdb-entryx_refsource_SECTRACK

EPSS Score

43% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 13, 2008
Vulnerability Reserved
Mar 21, 2008