Vulnerability Note VU#836088
Multiple vendors' email content/virus scanners do not adequately check "message/partial" MIME entities
Email anti-virus scanners and content filters from multiple vendors do not adequately check messages containing "message/partial" MIME entities (RFC 2046). As a result, viruses, malicious code, or other restricted content may not be detected.
Section 5.2.2 of RFC 2046 defines the "message/partial" Multipurpose Internet Mail Extensions (MIME) type:
5.2.2. Partial Subtype
Note that some products may corrupt messages containing "message/partial" MIME parts such that they cannot be automatically reassembled by mail user agents (MUAs). This behavior provides some protection at the cost of breaking the intended functionality of the "message/partial" MIME type.
Beyond-Security SecuriTeam has released an advisory that describes this vulnerability in further detail.
Email anti-virus and content filters may not detect viruses, malicious code, or other restricted content that is sent as "message/partial" MIME parts in multiple email messages. Such messages may be automatically reassembled by MUAs, thus delivering the virus, malicious code, or restricted content to users.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Check Point||Affected||13 Sep 2002||18 Sep 2002|
|Command Software||Affected||04 Sep 2002||18 Sep 2002|
|GFI Software||Affected||13 Sep 2002||18 Sep 2002|
|Roaring Penguin Software||Affected||-||18 Sep 2002|
|F-Secure||Not Affected||04 Sep 2002||18 Sep 2002|
|Finjan Software||Not Affected||10 Sep 2002||13 Sep 2002|
|Symantec||Not Affected||04 Sep 2002||18 Sep 2002|
|Aladdin Knowledge Systems||Unknown||04 Sep 2002||13 Sep 2002|
|Cisco Systems Inc.||Unknown||-||13 Sep 2002|
|Computer Associates||Unknown||04 Sep 2002||13 Sep 2002|
|CyberSoft||Unknown||04 Sep 2002||13 Sep 2002|
|Network Associates||Unknown||13 Sep 2002||18 Sep 2002|
|Sophos||Unknown||04 Sep 2002||13 Sep 2002|
|Trend Micro||Unknown||04 Sep 2002||13 Sep 2002|
CVSS Metrics (Learn More)
This document was written by Art Manion.
- CVE IDs: CAN-2002-1121
- Date Public: 12 Sep 2002
- Date First Published: 13 Sep 2002
- Date Last Updated: 18 Sep 2002
- Severity Metric: 1.80
- Document Revision: 32
If you have feedback, comments, or additional information about this vulnerability, please send us email.