Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2008-5424
Last Modified: 29 Jan 2009 01:59:11
Published: 11 Dec 2008 10:30:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2008-5424

Summary

The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (infinite loop) via a large e-mail message, a related issue to CVE-2006-1173.

Vulnerable Systems

Application

  • Microsoft Outlook Express 6.00.2900.5512


References

BID - 32702

BUGTRAQ - 20081209 Re: DoS attacks on MIME-capable software via complex MIME emails

BUGTRAQ - 20081208 DoS attacks on MIME-capable software via complex MIME emails

SREASON - 4721

MISC - http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro


Last Updated: 27 May 2016 10:48:49