Denial of Service Vulnerability in Sophos PureMessage for Microsoft Exchange
CVE-2008-7104

Currently unrated

Key Information:

Vendor: Sophos
Status: Puremessage For Microsoft Exchange
Vendor: CVE Published:; 27 August 2009

Summary

The Sophos PureMessage Scanner service, specifically PMScanner.exe, in versions prior to 3.0.2 is vulnerable to a Denial of Service (DoS) attack. Remote attackers can exploit this vulnerability by sending specially crafted Rich Text Format (RTF) or Portable Document Format (PDF) files, resulting in message queue delays and incomplete updates of the spam rule database. This vulnerability can severely impact the efficiency and responsiveness of the email security services provided by Sophos PureMessage.

References

http://www.securityfocus.com/bid/30881

vdb-entryx_refsource_BID

http://www.sophos.com/support/knowledgebase/article/44385...

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/44775

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Aug 27, 2009
Vulnerability Reserved
Aug 27, 2009