A bug in the HTML parser in a certain Microsoft HTML library, as used in various third party products, may allow remote attackers to cause a denial of service via certain strings, as reported in GFI MailEssentials for Exchange 9 and 10, and GFI MailSecurity for Exchange 8, which causes emails to remain in IIS or Exchange mail queues.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mailessentials | Gfi | 9.0 (including) | 9.0 (including) |
| Mailessentials | Gfi | 10.0 (including) | 10.0 (including) |
| Mailessentials | Gfi | 10.1 (including) | 10.1 (including) |
| Mailsecurity | Gfi | 8.0 (including) | 8.0 (including) |
References
- http://kbase.gfi.com/showarticle.asp?id=KBID002249
- http://secunia.com/advisories/13708
- http://www.csis.dk/default.asp?m=1\u0026a=194
- http://www.securityfocus.com/bid/12148
- http://kbase.gfi.com/showarticle.asp?id=KBID002249
- http://secunia.com/advisories/13708
- http://www.csis.dk/default.asp?m=1\u0026a=194
- http://www.securityfocus.com/bid/12148