Denial of Service Vulnerability in Norton Antivirus by Symantec
CVE-2008-5427

Currently unrated

Key Information:

Vendor: Symantec
Status: Norton Internet Security 2008
Vendor: CVE Published:; 11 December 2008

Summary

Norton Antivirus, part of Norton Internet Security version 15.5.0.23, inadequately processes multipart/mixed email messages containing numerous MIME parts. Additionally, it fails to handle e-mails with multiple 'Content-type: message/rfc822;' headers. This vulnerability can be exploited by remote attackers, potentially leading to Denial of Service attacks caused by excessive stack or resource consumption through large and complex email messages.

References

http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro

x_refsource_MISC

http://securityreason.com/securityalert/4721

third-party-advisoryx_refsource_SREASON

http://www.securityfocus.com/archive/1/499038/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Dec 11, 2008
Vulnerability Reserved
Dec 11, 2008