Vulnerabilities > CVE-2008-1437 - Resource Management Errors vulnerability in Microsoft products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (engine hang and restart) via a crafted file, a different vulnerability than CVE-2008-1438.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS08-029.NASL |
description | The remote host is running a version of Windows Malware Protection engine that is vulnerable to a bug in the file handling routine which could allow an attacker to crash the protection engine. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 32313 |
published | 2008-05-13 |
reporter | This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/32313 |
title | MS08-029: Vulnerabilities in Microsoft Malware Protection Engine Could Allow Denial of Service (952044) |
code |
|
Oval
accepted | 2012-01-16T04:00:46.641-05:00 | ||||||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||||||
contributors |
| ||||||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||||||
description | Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (engine hang and restart) via a crafted file, a different vulnerability than CVE-2008-1438. | ||||||||||||||||||||||||
family | windows | ||||||||||||||||||||||||
id | oval:org.mitre.oval:def:13981 | ||||||||||||||||||||||||
status | accepted | ||||||||||||||||||||||||
submitted | 2011-12-09T18:23:43 | ||||||||||||||||||||||||
title | Microsoft Malware Protection Engine Vulnerability-I | ||||||||||||||||||||||||
version | 9 |
Seebug
bulletinFamily exploit description BUGTRAQ ID: 29060,29073 CVE(CAN) ID: CVE-2008-1437,CVE-2008-1438 Microsoft恶意软件保护引擎可为防病毒和反间谍软件客户端提供扫描、监测和清除功能。 Microsoft恶意软件保护引擎处理特制文件的方式中存在拒绝服务漏洞,攻击者可以通过建立特制文件来利用此漏洞,当目标计算机系统接收或Microsoft恶意软件保护引擎扫描到此文件时,就可能导致Microsoft恶意软件保护引擎停止响应和自动重新启动,或耗尽所有磁盘空间 0 Microsoft Windows Live OneCare Microsoft Antigen for SMTP Gateway Microsoft Antigen for Exchange Microsoft Windows Defender Microsoft Forefront Security for SharePoint Microsoft Forefront Security for Exchange Server Microsoft Forefront Client Security Microsoft Diagnostics and Recovery Toolset 6.x 临时解决方法: * 在同一系统上,Microsoft Forefront Security for Exchange Server、Microsoft Forefront Security for SharePoint 和Microsoft Antigen除了支持Microsoft恶意软件保护引擎外还支持多种引擎。如果受影响系统上有多个引擎可用,管理员可以禁用恶意软件保护引擎,直到可以更新Microsoft恶意软件保护引擎。 厂商补丁: Microsoft --------- Microsoft已经为此发布了一个安全公告(MS08-029)以及相应补丁: MS08-029:Vulnerabilities in Microsoft Malware Protection Engine Could Allow Denial of Service (952044) http://www.microsoft.com/technet/security/bulletin/ms08-029.mspx?pf=true id SSV:3291 last seen 2017-11-19 modified 2008-05-17 published 2008-05-17 reporter Root title Microsoft恶意软件保护引擎多个拒绝服务漏洞(MS08-029) bulletinFamily exploit description CVE-2008-1437 CVE-2008-1438 There are two vulnerabilities idenitified in Microsoft Antivirus product. These vulnerabilities can be exploited to cause Denial of service. 1. CVE-2008-1437 PE Parsing Memory Corruption While scanning a specially crafted PE file, Malware orotection engine (MsMpEng.exe/mpengine.dll for Windows Live OneCare) will crash. Currently, There's no evidence of code execution found. Please note that this vulnerability can be triggered in various ways: a. by sending emails to target mail server which is protected by MS antivirus b. by sending emails to victim who is using Windows Onecare or Windows Defender. c. by convining the victim to visit some websites. d. by sending files (can be any extension) to victims through P2P/IM. Real Time protection is enabled by default, so in the case b&c, the vulnerability can be exploited without any further user interaction after the victim recieved the email or opened the website. 2. CVE-2008-1438 PE Parsing Disk Space D.o.S While parsing a specially crafted file with a malformed "size of header" is scanned by Microsoft Windows OneCare, there will be Disk Space DOS condition. Microsoft Malware protection engine will allocate disk space as much as the PE file "claimed", It can "eat" several Gb disk space of Windows installation driver. Windows Live OneCare Microsoft Antigen for Exchange Microsoft Antigen for SMTP Gateway Microsoft Windows Defender Microsoft Forefront Client Security Microsoft Forefront Security for Exchange Server Microsoft Forefront Security for SharePoint Standalone System Sweeper located in Diagnostics and Recovery Toolset 6.0 Microsoft has released an update address this issue. <a href=http://www.microsoft.com/technet/security/Bulletin/MS08-029.mspx target=_blank>http://www.microsoft.com/technet/security/Bulletin/MS08-029.mspx</a> id SSV:3606 last seen 2017-11-19 modified 2008-07-13 published 2008-07-13 reporter Root title Microsoft Malware Protection Engine TWO DoS Vulnerabilities
References
- http://marc.info/?l=bugtraq&m=121129490723574&w=2
- http://secunia.com/advisories/30172
- http://www.securityfocus.com/bid/29060
- http://www.securitytracker.com/id?1020016
- http://www.us-cert.gov/cas/techalerts/TA08-134A.html
- http://www.vupen.com/english/advisories/2008/1506/references
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-029
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13981