Vulnerabilities > Resource Management Errors

DATE CVE VULNERABILITY TITLE RISK
2008-12-11 CVE-2008-5426 Resource Management Errors vulnerability in Kaspersky LAB Kaspersky Internet Security Suite 2009
Kaspersky Internet Security Suite 2009 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173.
4.3
2008-12-11 CVE-2008-5425 Resource Management Errors vulnerability in Eset Nod32 Antivirus 2.70.0039.0000
ESet NOD32 2.70.0039.0000 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173.
network
eset CWE-399
4.3
2008-12-11 CVE-2008-5424 Resource Management Errors vulnerability in Microsoft Outlook Express 6.00.2900.5512
The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (infinite loop) via a large e-mail message, a related issue to CVE-2006-1173.
network
microsoft CWE-399
4.3
2008-12-11 CVE-2008-5421 Resource Management Errors vulnerability in Netwin Smsgate
The SSL web administration service in NetWin SmsGate 1.1n and earlier allows remote attackers to cause a denial of service (hang) via (1) a large integer in the Content-Length HTTP header; (2) an invalid value in the Content-Length HTTP header, as demonstrated by a negative integer; or (3) a missing Content-Length HTTP header.
network
low complexity
netwin CWE-399
5.0
2008-12-11 CVE-2008-4844 Resource Management Errors vulnerability in Microsoft Internet Explorer 5.01/6/7
Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008.
network
microsoft CWE-399
critical
9.3
2008-12-10 CVE-2008-4841 Resource Management Errors vulnerability in Microsoft Wordpad Unknown
The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008.
network
microsoft CWE-399
critical
9.3
2008-12-10 CVE-2008-4266 Resource Management Errors vulnerability in Microsoft products
Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3; Excel Viewer 2003 Gold and SP3; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel spreadsheet with a NAME record that contains an invalid index value, which triggers stack corruption, aka "Excel Global Array Memory Corruption Vulnerability."
http://www.microsoft.com/technet/security/Bulletin/MS08-074.mspx
Excel Global Array Memory Corruption Vulnerability - CVE-2008-4266: A remote code execution vulnerability exists in Microsoft Office Excel as a result of stack corruption when loading Excel records.
network
microsoft CWE-399
critical
9.3
2008-12-10 CVE-2008-4265 Resource Management Errors vulnerability in Microsoft products
Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka "File Format Parsing Vulnerability."
http://www.microsoft.com/technet/security/Bulletin/MS08-074.mspx
File Format Parsing Vulnerability - CVE-2008-4265: A remote code execution vulnerability exists in Microsoft Office Excel as a result of memory corruption when loading Excel records.
network
microsoft CWE-399
critical
9.3
2008-12-10 CVE-2008-4264 Resource Management Errors vulnerability in Microsoft products
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed formula, which triggers "pointer corruption" during the loading of formulas from this spreadsheet, aka "File Format Parsing Vulnerability."
http://www.microsoft.com/technet/security/Bulletin/MS08-074.mspx
File Format Parsing Vulnerability - CVE-2008-4264: A remote code execution vulnerability exists in Microsoft Office Excel as a result of pointer corruption when loading Excel formulas.
network
microsoft CWE-399
critical
9.3
2008-12-10 CVE-2008-4256 Resource Management Errors vulnerability in Microsoft products
The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability."
network
microsoft CWE-399
8.5