Email anti-virus scanners and content filters from multiple vendors do not adequately check messages containing "message/partial" MIME entities (RFC 2046). As a result, viruses, malicious code, or other restricted content may not be detected.
Section 5.2.2 of RFC 2046 defines the "message/partial" Multipurpose Internet Mail Extensions (MIME) type:
5.2.2. Partial Subtype
Email anti-virus and content filters may not detect viruses, malicious code, or other restricted content that is sent as "message/partial" MIME parts in multiple email messages. Such messages may be automatically reassembled by MUAs, thus delivering the virus, malicious code, or restricted content to users.
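Before a filter can treat fragmented mail differently, it has to recognise the fragments and know when a complete set has passed through. The sketch below is an added example, not part of the CERT/CC note: it uses Python's standard `email` package to find "message/partial" entities and track fragments by their `id`, `number` and `total` parameters. The names `find_partials`, `FragmentTracker` and `make_fragment`, and the sample messages, are constructed for illustration.

```python
from email import message_from_string

def _to_int(value):
    try:
        return int(value)
    except (TypeError, ValueError):
        return None  # missing or malformed parameter

def find_partials(raw):
    """Return (id, number, total) for every message/partial entity in raw."""
    found = []
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "message/partial":
            found.append((part.get_param("id"),
                          _to_int(part.get_param("number")),
                          _to_int(part.get_param("total"))))  # total may be absent
    return found

class FragmentTracker:
    """Track fragments per id as messages pass through a filter."""
    def __init__(self):
        self.seen = {}   # id -> set of fragment numbers observed
        self.total = {}  # id -> declared total, once any fragment states it

    def observe(self, raw):
        """Return ids for which every fragment 1..total has now been seen."""
        complete = []
        for pid, number, total in find_partials(raw):
            self.seen.setdefault(pid, set()).add(number)
            if total is not None:
                self.total[pid] = total
            want = self.total.get(pid)
            if want and self.seen[pid] >= set(range(1, want + 1)):
                complete.append(pid)
        return complete

def make_fragment(number, total, body):
    # Constructed sample message, not taken from the advisory.
    total_param = f"; total={total}" if total else ""
    return (f"From: a@example.com\nTo: b@example.com\nSubject: part {number}\n"
            f"MIME-Version: 1.0\n"
            f'Content-Type: message/partial; id="frag-1@example.com"; '
            f"number={number}{total_param}\n\n{body}\n")

if __name__ == "__main__":
    tracker = FragmentTracker()
    print(tracker.observe(make_fragment(1, None, "Subject: whole\n\nfirst half")))
    print(tracker.observe(make_fragment(2, 2, "second half")))
```

An id reported by `observe` marks the point at which a receiving MUA could reassemble the original message, so content scanning of individual fragments alone no longer covers it.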
The CERT/CC thanks Noam Rathaus of Beyond-Security SecuriTeam for reporting this vulnerability, and Menashe Eliezer of Finjan Software for information used in this document.
This document was written by Art Manion.
Date First Published: 2002-09-13
Date Last Updated: 2002-09-18 22:14 UTC