CVE-2008-5424

Currently unrated

Key Information:

Vendor: Microsoft
Status: Outlook Express
Vendor: CVE Published:; 11 December 2008

Summary

The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (infinite loop) via a large e-mail message, a related issue to CVE-2006-1173.

References

http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro

x_refsource_MISC

http://securityreason.com/securityalert/4721

third-party-advisoryx_refsource_SREASON

http://www.securityfocus.com/bid/32702

vdb-entryx_refsource_BID

EPSS Score

3% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 11, 2008
Vulnerability Reserved
Dec 11, 2008

Collectors

NVD DatabaseMitre Database