Denial of Service Vulnerability in Microsoft Outlook Express
CVE-2008-5424
Currently unrated
Summary
The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle multipart/mixed e-mail messages with numerous MIME parts, or messages formatted with multiple 'Content-type: message/rfc822;' headers. A remote attacker can exploit this by sending a large, crafted e-mail message that causes an infinite loop, resulting in a denial of service. The issue shares characteristics with the earlier vulnerability tracked as CVE-2006-1173.
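A mail gateway or triage script can measure the two message properties named in the Summary (MIME part count and message/rfc822 usage) before delivery. The following is an added example, not part of the original advisory; the function names and the three thresholds are assumptions chosen for illustration, and the sample message is constructed.

```python
from email import message_from_bytes
from email.mime.message import MIMEMessage
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# Assumed limits for illustration; tune them to the mail your site normally receives.
MAX_PARTS, MAX_RFC822, MAX_DEPTH = 200, 20, 10

def mime_shape(raw: bytes) -> dict:
    """Count MIME parts, message/rfc822 parts and nesting depth of a raw message."""
    root = message_from_bytes(raw)
    parts = rfc822 = max_depth = 0
    stack = [(root, 0)]  # explicit stack instead of recursion over untrusted nesting
    while stack:
        part, depth = stack.pop()
        parts += 1
        max_depth = max(max_depth, depth)
        if part.get_content_type() == "message/rfc822":
            rfc822 += 1
        if part.is_multipart():  # true for multipart/* and for message/rfc822 containers
            stack.extend((child, depth + 1) for child in part.get_payload())
    return {"parts": parts, "rfc822": rfc822, "depth": max_depth}

def should_quarantine(raw: bytes, max_parts=MAX_PARTS,
                      max_rfc822=MAX_RFC822, max_depth=MAX_DEPTH) -> bool:
    """Flag messages whose MIME structure exceeds any of the configured limits."""
    try:
        shape = mime_shape(raw)
    except RecursionError:
        return True  # a parser failure on extreme nesting is treated as suspicious
    return (shape["parts"] > max_parts or shape["rfc822"] > max_rfc822
            or shape["depth"] > max_depth)

def build_sample(n_parts: int, n_nested: int) -> bytes:
    """Constructed input: multipart/mixed with n_parts text parts and one
    attachment wrapped in n_nested message/rfc822 layers."""
    inner = MIMEText("innermost body")
    for _ in range(n_nested):
        inner = MIMEMessage(inner)  # each wrap adds one message/rfc822 layer
    outer = MIMEMultipart("mixed")
    for i in range(n_parts):
        outer.attach(MIMEText(f"part {i}"))
    outer.attach(inner)
    return outer.as_bytes()

if __name__ == "__main__":
    sample = build_sample(3, 2)
    print(mime_shape(sample), should_quarantine(sample))
```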
References
EPSS Score
28% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved