Denial of Service Vulnerability in Sophos PureMessage for Microsoft Exchange
CVE-2008-7105

Currently unrated

Key Information:

Vendor: Sophos
Status: Puremessage For Microsoft Exchange
Vendor: CVE Published:; 27 August 2009

Summary

A denial of service vulnerability exists in Sophos PureMessage for Microsoft Exchange 3.0 prior to version 3.0.2, where remote attackers can exploit the application's inability to properly handle TNEF-encoded messages. By sending a crafted rich text body, the attackers can trigger a termination of the EdgeTransport.exe process, disrupting services reliant on this application.

References

http://www.securityfocus.com/bid/30881

vdb-entryx_refsource_BID

http://www.sophos.com/support/knowledgebase/article/44385...

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/52925

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Aug 27, 2009
Vulnerability Reserved
Aug 27, 2009