A
vulnerability has been identified in various Microsoft products, which
could be exploited by attackers or malware to take complete control of
an affected system. This issue is due to an integer overflow error in
the Microsoft Malware Protection Engine (mpengine.dll) when processing
a specially crafted PDF file, which could be exploited by attackers to
execute arbitrary commands e.g. by sending an email containing a
malicious file to a system being protected by a vulnerable application.
Affected Products
Microsoft Windows Live OneCare
Microsoft Antigen for Exchange 9.x
Microsoft Antigen for SMTP Gateway 9.x
Microsoft Windows Defender
Microsoft Windows Defender x64 Edition
Microsoft Windows Defender in Windows Vista
Microsoft Forefront Security for Exchange Server
Microsoft Forefront Security for SharePoint
Solution
Upgrade to the latest Microsoft Malware Protection Engine update.
