Vulnerabilities > CVE-2004-1312 - Remote Denial of Service vulnerability in GFI MailEssentials and MailSecurity HTML Email

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

gfi

critical

NVD

Published: 2005-01-03

Updated: 2008-09-05

Summary

A bug in the HTML parser in a certain Microsoft HTML library, as used in various third party products, may allow remote attackers to cause a denial of service via certain strings, as reported in GFI MailEssentials for Exchange 9 and 10, and GFI MailSecurity for Exchange 8, which causes emails to remain in IIS or Exchange mail queues.

Vulnerable Configurations

Part	Description	Count
Application	Gfi GFI Mailessentials 9.0 GFI Mailessentials 10.0 GFI Mailessentials 10.1 GFI Mailsecurity 8.0	4

References

http://kbase.gfi.com/showarticle.asp?id=KBID002249
http://secunia.com/advisories/13708
http://www.csis.dk/default.asp?m=1&a=194
http://www.securityfocus.com/bid/12148