Microsoft Outlook Express Malformed MIME Message DoS Vulnerability Network Vulnerability

Summary

The host is installed with Microsoft Outlook Express and is prone to denial of service vulnerability.

Impact

Successful exploitation could result in application to crash. Impact Level: Application

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. For updates refer to http://office.microsoft.com/en-us/outlook/default.aspx

Insight

Flaw is due to improper handling of multipart/mixed e-mail messages with many MIME parts and e-mail messages with many Content-type: message/rfc822 headers in MimeOleClearDirtyTree function of InetComm.dll file.

Affected

Microsoft Outlook Express 6.x to 6.00.2900.5512

References

http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro
http://www.securityfocus.com/archive/1/499038
http://www.securityfocus.com/archive/1/499045

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-5424
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Ciscokits TFTP Server Long Filename Denial Of Service Vulnerability
ArGoSoft FTP Server XCWD Overflow
DB2 DOS
Asterisk RTP Text Frames Denial Of Service Vulnerability
Active Perl Denial of Service Vulnerability Feb 2014 (Windows)

Take action and discover your vulnerabilities