CVE-2008-5424
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (infinite loop) via a large e-mail message, a related issue to CVE-2006-1173.
La función MimeOleClearDirtyTree en InetComm.dll en Microsoft Outlook Express v6.00.2900.5512 no gestiona apropiadamente (1) mensajes de correo multipart/mixed con muchas partes MIME y posiblemente (2) mensajes de correo electrónico con muchas cabeceras "Content-type: message/rfc822;", lo que permite a atacantes remotos provocar una denegación de servicio (consumo de pila o consumo de otros recursos) mediante un correo electrónico de gran tamaño, un problema relacionado a CVE-2006-1173.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-12-11 CVE Reserved
- 2008-12-11 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2024-10-07 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-399: Resource Management Errors
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
http://securityreason.com/securityalert/4721 | Third Party Advisory | |
http://www.securityfocus.com/archive/1/499038/100/0/threaded | Mailing List | |
http://www.securityfocus.com/archive/1/499045/100/0/threaded | Mailing List | |
http://www.securityfocus.com/bid/32702 | Vdb Entry |
URL | Date | SRC |
---|---|---|
http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro | 2024-08-07 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Microsoft Search vendor "Microsoft" | Outlook Express Search vendor "Microsoft" for product "Outlook Express" | 6.00.2900.5512 Search vendor "Microsoft" for product "Outlook Express" and version "6.00.2900.5512" | - |
Affected
|