Vulnerabilities > CVE-2008-7104 - Denial Of Service vulnerability in Sophos Puremessage for Microsoft Exchange 3.0

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
sophos
nessus

Summary

Sophos PureMessage Scanner service (PMScanner.exe) in PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows remote attackers to cause a denial of service (message queue delay and incomplete spam rule update) via a crafted (1) RTF or (2) PDF file.

Vulnerable Configurations

Part Description Count
Application
Sophos
1

Nessus

NASL familyWindows
NASL idSOPHOS_PUREMESSAGE_DOS.NASL
descriptionThe remote host is running Sophos PureMessage for Microsoft Exchange. The installed version of the software is affected by multiple vulnerabilities. - A vulnerability in PMScanner.exe could crash or hang the PureMessage Scanner service while processing certain rich text (RTF) or PDF files. - A vulnerability in PureMessage could abruptly terminate EdgeTransport.exe while replacing rich text body of certain TNEF-encoded messages with plaintext.
last seen2020-06-01
modified2020-06-02
plugin id34060
published2008-08-28
reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/34060
titleSophos PureMessage < 3.0.2 Multiple Vulnerabilities