CVE-2004-1312 — Mailessentials vulnerability

3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

1.0%

top 23.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GFI Mailessentials GFI Mailsecurity

Timeline

PublishedJan 3

Latest updateApr 29

Description

A bug in the HTML parser in a certain Microsoft HTML library, as used in various third party products, may allow remote attackers to cause a denial of service via certain strings, as reported in GFI MailEssentials for Exchange 9 and 10, and GFI MailSecurity for Exchange 8, which causes emails to remain in IIS or Exchange mail queues.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDgfi/mailsecurity8.0

▶NVDgfi/mailessentials10.0, 10.1, 9.0+2

Patches

Patch: kbase.gfi.com ↗Patch: kbase.gfi.com ↗

🔴Vulnerability Details

GHSA

GHSA-jm4q-cpwg-j7g7: A bug in the HTML parser in a certain Microsoft HTML library, as used in various third party products, may allow remote attackers to cause a denial of↗2022-04-29

▶

CVEList

CVE-2004-1312: A bug in the HTML parser in a certain Microsoft HTML library, as used in various third party products, may allow remote attackers to cause a denial of↗2005-01-06

▶