MS malware engine vulnerable to malware

OH DEAR, OH DEAR. If there was one piece of software you'd expect to be secure from malware attacks it would have to be malware protection software itself. Sadly, this is not the case with Microsoft Defender, the software giant's all-singing, all-dancing user security package.

According to security bulletin CVE-2006-5270 - Microsoft Malware Protection Engine Vulnerability, Integer overflow in the Microsoft Malware Protection Engine (mpengine.dll), as used by Windows Live OneCare, Antigen, Defender, and Forefront Security, allows user-assisted remote attackers to execute arbitrary code via a PDF file. All the following are at risk of remote code execution:

Windows Live OneCare
Microsoft Antigen for Exchange 9.x
Microsoft Antigen for SMTP Gateway 9.x
Microsoft Windows Defender
Microsoft Windows Defender x64 Edition
Microsoft Windows Defender in Windows Vista
Microsoft Forefront Security for Exchange Server
Microsoft Forefront Security for SharePoint

According to the bulletin - rated 'critical' - a remote code execution vulnerability exists in the Microsoft Malware Protection Engine because of the way that it parses Portable Document Format (PDF) files. An attacker could exploit the vulnerability by constructing a specially crafted PDF File that could potentially allow remote code execution when the target computer system receives, and the Microsoft Malware Protection Engine scans, the PDF file.

To have one insecure security product could be seen as unlucky; to have eight looks a bit like carelessness. µ

L'INQ
Microsoft Security Bulletin MS07-010