Letting the fox build the hen house…

It was only a matter of time.

“Vulnerability in the way HTML Objects Handle Unexpected Method Calls Could Allow Remote Code Execution”

The “Microsoft Malware Protection Engine” is the core of just about all of the Microsoft security tool suite.

Details:

A remote code execution vulnerability exists in the Microsoft Malware Protection Engine because of the way that it parses Portable Document Format (PDF) files. An attacker could exploit the vulnerability by constructing a specially crafted PDF File that could potentially allow remote code execution when the target computer system receives, and the Microsoft Malware Protection Engine scans, the PDF file.

Solution:

… administrators can disable the Microsoft Malware Protection Engine as a workaround …

Microsoft hasn’t been able to write secure code in 25 years. What makes us think they’ll begin doing so now?

PWNT by your malware detection system.

Good job, Microsoft.

For the end user:
Switch to an OS with a proven track record for security. Linux if you are impatient, OpenBSD if you like 100 proof.

For Microsoft:
How about a simple code analyzer? This bug exists because your N00bish tool trusts unverified input provided by an untrusted third party.

Full Details:
http://www.microsoft.com/technet/security/bulletin/ms07-010.mspx?pubDate=2007-02-13
