Re: DoS attacks on MIME-capable software via complex MIME emails

From: Dave English <dave.english@thus.net>
To: bugtraq@securityfocus.com
Cc:
Subject: Re: DoS attacks on MIME-capable software via complex MIME emails
Date:


In message <20081208225217.10144.qmail@securityfocus.com>, 
bruhns@recurity-labs.com writes
...
>== Specific Software ==
>Vulnerable:
>Microsoft Outlook Express 6, Version 6.00.2900.5512
>Opera Version: 9.51 Build: 10081 System: Windows XP
>Incredimail Build ID: 5853710 Setup ID: 7 Pn: 92977368
>Norton Internet Security Version 15.5.0.23
>ESet NOD32 2.70.0039.0000
>Kaspersky Internet Security 2009; Databases from 23.07.2008
>
>Slightly affected:
>Mozilla Thunderbird Version 2.0.14 (20080421)
>
>Not vulnerable:
>Avira Antivir Search engine: v8.01.01.11, 17.07.2008
>Mutt
>Courier

Turnpike is also not vulnerable.  Multikill is displayed correctly & 
Nesty is partially displayed, after a warning that the message is too 
complex.

>== Credit ==
>This bug was discovered by Bernhard 'Bruhns' Brehm at Recurity Labs.
>Company page: http://www.recurity-labs.com
...
-- 
Dave English                           Internet Platform Development
Senior Software & Systems Engineer                              Thus
                                            a Cable&Wireless business




Copyright © 1995-2019 LinuxRocket.net. All rights reserved.