CVE-2004-1312

Description

A bug in the HTML parser in a certain Microsoft HTML library, as used in various third party products, may allow remote attackers to cause a denial of service via certain strings, as reported in GFI MailEssentials for Exchange 9 and 10, and GFI MailSecurity for Exchange 8, which causes emails to remain in IIS or Exchange mail queues.

Affected products

• GFI / MailEssentials9.0 – 9.0
• GFI / MailEssentials10.0 – 10.0
• GFI / MailEssentials10.1 – 10.1
• GFI / mailsecurity8.0 – 8.0

References

• VENDOR_ADVISORYhttp://secunia.com/advisories/13708
• MISChttp://www.securityfocus.com/bid/12148
• MISChttp://www.csis.dk/default.asp?m=1&a=194
• MISChttp://kbase.gfi.com/showarticle.asp?id=KBID002249