CVE-2008-1437

Severity Score

5.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (engine hang and restart) via a crafted file, a different vulnerability than CVE-2008-1438.

Vulnerabilidad no especificada en la Máquina de Protección de Malware de Microsoft (mpengine.dll) versiones 1.1.3520.0 y 0.1.13.192, tal y como se usa en múltiples productos de Microsoft, permite a atacantes según contexto provocar una denegación de servicio (cuelgue del equipo y reinicio) a través de un archivo manipulado, una vulnerabilidad diferente a la CVE-2008-1438.

*Credits: N/A

CVSS Scores

NISTv2 5.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-03-21 CVE Reserved
2008-05-13 CVE Published
2024-08-07 CVE Updated
2024-11-23 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-399: Resource Management Errors

CAPEC

References (8)

URL	Tag	Source
http://www.securityfocus.com/bid/29060	Vdb Entry
http://www.securitytracker.com/id?1020016	Vdb Entry
http://www.us-cert.gov/cas/techalerts/TA08-134A.html	Third Party Advisory
http://www.vupen.com/english/advisories/2008/1506/references	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13981	Signature

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://marc.info/?l=bugtraq&m=121129490723574&w=2	2018-10-12
http://secunia.com/advisories/30172	2018-10-12
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-029	2018-10-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Microsoft Search vendor "Microsoft"		Antigen For Exchange Search vendor "Microsoft" for product "Antigen For Exchange"				*		-		Affected
Microsoft Search vendor "Microsoft"		Antigen For Smtp Gateway Search vendor "Microsoft" for product "Antigen For Smtp Gateway"				*		-		Affected
Microsoft Search vendor "Microsoft"		Diagnostics And Recovery Toolkit Search vendor "Microsoft" for product "Diagnostics And Recovery Toolkit"				6.0 Search vendor "Microsoft" for product "Diagnostics And Recovery Toolkit" and version "6.0"		-		Affected
Microsoft Search vendor "Microsoft"		Forefront Client Security Search vendor "Microsoft" for product "Forefront Client Security"				*		-		Affected
Microsoft Search vendor "Microsoft"		Forefront Security For Exchange Server Search vendor "Microsoft" for product "Forefront Security For Exchange Server"				*		-		Affected
Microsoft Search vendor "Microsoft"		Forefront Security For Sharepoint Search vendor "Microsoft" for product "Forefront Security For Sharepoint"				*		-		Affected
Microsoft Search vendor "Microsoft"		Malware Protection Engine Search vendor "Microsoft" for product "Malware Protection Engine"				0.1.13.192 Search vendor "Microsoft" for product "Malware Protection Engine" and version "0.1.13.192"		-		Affected
Microsoft Search vendor "Microsoft"		Malware Protection Engine Search vendor "Microsoft" for product "Malware Protection Engine"				1.1.3520.0 Search vendor "Microsoft" for product "Malware Protection Engine" and version "1.1.3520.0"		-		Affected
Microsoft Search vendor "Microsoft"		Windows Defender Search vendor "Microsoft" for product "Windows Defender"				*		-		Affected
Microsoft Search vendor "Microsoft"		Windows Live Onecare Search vendor "Microsoft" for product "Windows Live Onecare"				*		-		Affected