CVE-2008-1438

CWE-399CWE-190Integer Overflow4 documents4 sources
Severity
5.0MEDIUM
EPSS
43.7%
top 2.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft Diagnostics AND Recovery ToolkitMicrosoft Malware Protection Engine
Timeline
PublishedMay 13
Latest updateMay 1

Description

Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (disk space exhaustion) via a file with "crafted data structures" that trigger the creation of large temporary files, a different vulnerability than CVE-2008-1437.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDmicrosoft/malware_protection_engine0.1.13.192, 1.1.3520.0+1

🔴Vulnerability Details

2
GHSA
GHSA-w2f8-fjc5-vrwh: Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine2022-05-01
CVEList
CVE-2008-1438: Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine2008-05-13

📋Vendor Advisories

1
Red Hat
libmodplug: Integer overflow in the MED files loading routine2008-02-25
CVE-2008-1438 (MEDIUM CVSS 5) | Unspecified vulnerability in Micros | cvebase.io