PT-2008-6544 · Symantec · Norton Internet Security

Bernhard Brehm

Published

2008-12-11

Updated

2018-10-11

CVE-2008-5427

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Norton Internet Security version 15.5.0.23

Description The issue is related to how Norton Antivirus handles certain email messages. Specifically, it does not properly handle multipart/mixed email messages with many MIME parts and possibly email messages with many "Content-type: message/rfc822;" headers. This can be exploited by remote attackers to cause a denial of service through stack consumption or other resource consumption by sending a large email message.

Recommendations For Norton Internet Security version 15.5.0.23, update to a newer version that addresses this issue to prevent potential denial of service attacks.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

CVE-2008-5427

Affected Products

Norton Internet Security

PT-2008-6544 · Symantec · Norton Internet Security

CVE-2008-5427

Weakness Enumeration

Related Identifiers

Affected Products

References · 5