Microsoft Malware Protection Engine File Parsing Vulnerability
Last Update Date:
16 May 2013 17:49
Release Date:
16 May 2013
4245
Views
RISK: Medium Risk
TYPE: Security software and application - Security Software & Appliance
A vulnerability has been identified in multiple Microsoft products, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to an unspecified error when parsing certain files and can be exploited to cause memory corruption.
Successful exploitation may allow execution of arbitrary code.
Note: Only x64-based versions of the Malware Protection Engine are affected.
Impact
- Denial of Service
- Remote Code Execution
System / Technologies affected
- Microsoft Forefront Client Security (x64)
- Microsoft Forefront Endpoint Protection 2010 (x64)
- Microsoft Forefront Security for SharePoint Service Pack 3 (x64)
- Microsoft System Center 2012 Endpoint Protection (x64)
- Microsoft System Center 2012 Endpoint Protection Service Pack 1 (x64)
- Microsoft Malicious Software Removal Tool (x64)
- Microsoft Security Essentials (x64)
- Microsoft Security Essentials Prerelease (x64)
- Windows Defender for Windows 8 (x64)
- Windows Defender for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (x64)
- Windows Defender Offline (x64)
- Windows Intune Endpoint Protection (x64)
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Ensure that systems are running version 1.1.9506.0 or later of Microsoft Malware Protection Engine.
Vulnerability Identifier
Source
Related Link
Share with