Problémy nastávají u p?íjemce p?i nesprávných parametrech nebo obecn?, když parser nerozumí obsahu. Existuje SW na otestování správnosti MIME, viz zpráva NISCC.
Blíže:
The British National Infrastructure Security Co-ordination Centre (NISCC) issued an alert that eight vulnerabilities in the MIME internet email protocol extension can allow hackers to bypass content checking and anti-virus tools and launch denial of service attacks. The vulnerabilities can be exploited by using malformed subjects, non-standard white-space, and non-standard quoting, allowing malicious code to evade content checks. The flaws were discovered over a year ago by security consultancy Corsaire, who alerted NISCC because of the widespread nature of the vulnerabilities and the co-ordination required between vendors to fix them. Many vendors have already issued patches, and Apple, HP, MessageLabs and Mozilla have announced that their products are not affected. Anti-virus company F-Secure has confirmed that its Internet Gatekeeper server products are affected and will be patched in the next release, scheduled for the fourth-quarter of 2004.
Viz též
http://software.silicon.com/malware/0,3800003100,39123925,00.htm a
http://www.theregister.co.uk/2004/09/13/mime_vuln .
