Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5427

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-5427
Last Modified 29 Jan 2009 01:59:12
Published 11 Dec 2008 10:30:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-5427

Summary

Norton Antivirus in Norton Internet Security 15.5.0.23 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173.

Vulnerable Systems

Application

  • Symantec Norton Internet Security 2008 15.5.0.23


References

BUGTRAQ - 20081209 Re: DoS attacks on MIME-capable software via complex MIME emails

BUGTRAQ - 20081208 DoS attacks on MIME-capable software via complex MIME emails

SREASON - 4721

MISC - http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro


Last Updated: 27 May 2016 10:48:49