CVE-2008-5424

Name of the Vulnerable Software and Affected Versions Microsoft Outlook Express version 6.00.2900.5512

Description The issue is related to the handling of certain e-mail messages by the MimeOleClearDirtyTree function in InetComm.dll. Specifically, it does not properly handle multipart/mixed e-mail messages with many MIME parts and possibly e-mail messages with many "Content-type: message/rfc822;" headers. This can allow remote attackers to cause a denial of service, resulting in an infinite loop, via a large e-mail message.

Recommendations For Microsoft Outlook Express version 6.00.2900.5512, consider avoiding the use of the MimeOleClearDirtyTree function until a patch is available. As a temporary workaround, restrict the handling of multipart/mixed e-mail messages and messages with many "Content-type: message/rfc822;" headers to minimize the risk of exploitation.