Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2008-1437

Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (engine hang and restart) via a crafted file, a different vulnerability than CVE-2008-1438.

Published

2008-05-13T22:20:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-399
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application microsoft antigen_for_exchange * Yes
Application microsoft antigen_for_smtp_gateway * Yes
Application microsoft diagnostics_and_recovery_toolkit 6.0 Yes
Application microsoft forefront_client_security * Yes
Application microsoft forefront_security_for_exchange_server * Yes
Application microsoft forefront_security_for_sharepoint * Yes
Application microsoft malware_protection_engine 0.1.13.192 Yes
Application microsoft malware_protection_engine 1.1.3520.0 Yes
Application microsoft windows_defender * Yes
Application microsoft windows_live_onecare * Yes
References