Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5425

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-5425
Last Modified 29 Jan 2009 01:59:12
Published 11 Dec 2008 10:30:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-5425

Summary

ESet NOD32 2.70.0039.0000 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173.

Vulnerable Systems

Application

  • Eset Nod32 Antivirus 2.70.0039.0000


References

BUGTRAQ - 20081209 Re: DoS attacks on MIME-capable software via complex MIME emails

BUGTRAQ - 20081208 DoS attacks on MIME-capable software via complex MIME emails

SREASON - 4721

MISC - http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro


Last Updated: 27 May 2016 10:48:49