CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
81.6%
A bug in the HTML parser in a certain Microsoft HTML library, as used in various third party products, may allow remote attackers to cause a denial of service via certain strings, as reported in GFI MailEssentials for Exchange 9 and 10, and GFI MailSecurity for Exchange 8, which causes emails to remain in IIS or Exchange mail queues.
Vendor | Product | Version | CPE |
---|---|---|---|
gfi | mailessentials | 9.0 | cpe:2.3:a:gfi:mailessentials:9.0:*:exchange_smtp:*:*:*:*:* |
gfi | mailessentials | 10.0 | cpe:2.3:a:gfi:mailessentials:10.0:*:exchange_smtp:*:*:*:*:* |
gfi | mailessentials | 10.1 | cpe:2.3:a:gfi:mailessentials:10.1:*:exchange_smtp:*:*:*:*:* |
gfi | mailsecurity | 8.0 | cpe:2.3:a:gfi:mailsecurity:8.0:*:exchange_smtp:*:*:*:*:* |