CVE-2008-1438

Published: May 13, 2008Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (disk space exhaustion) via a file with "crafted data structures" that trigger the creation of large temporary files, a different vulnerability than CVE-2008-1437.

Affected (10)

Products: Microsoft: Antigen For Exchange, Antigen For Smtp Gateway, Diagnostics And Recovery Toolkit, Forefront Client Security, Forefront Security For Exchange Server, Forefront Security For Sharepoint, Malware Protection Engine, Windows Defender, Windows Live Onecare

Microsoft

9 products

Antigen For Exchange

Antigen For Smtp Gateway

Diagnostics And Recovery Toolkit

Forefront Client Security

Forefront Security For Exchange Server

Forefront Security For Sharepoint

Malware Protection Engine

Windows Defender

Windows Live Onecare

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Microsoft Antigen For Exchange	All versions
Microsoft Antigen For Smtp Gateway	All versions
Microsoft Diagnostics And Recovery Toolkit	Version 6.0
Microsoft Forefront Client Security	All versions
Microsoft Forefront Security For Exchange Server	All versions
Microsoft Forefront Security For Sharepoint	All versions
Microsoft Malware Protection Engine	Version 0.1.13.192
Microsoft Malware Protection Engine	Version 1.1.3520.0
Microsoft Windows Defender	All versions
Microsoft Windows Live Onecare	All versions