CVE-2008-7105

Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows remote attackers to cause a denial of service (EdgeTransport.exe termination) via a TNEF-encoded message with a crafted rich text body that is not properly handled during conversion to plain text. NOTE: this might be related to CVE-2008-7104.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/30881
http://www.sophos.com/support/knowledgebase/article/44385.html	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/52925
http://www.securityfocus.com/bid/30881
http://www.sophos.com/support/knowledgebase/article/44385.html	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/52925

Configurations

Configuration 1 (hide)

cpe:2.3:a:sophos:puremessage_for_microsoft_exchange:3.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2009-08-27 20:30

Updated : 2025-04-09 00:30

NVD link : CVE-2008-7105

Mitre link : CVE-2008-7105

CVE.ORG link : CVE-2008-7105

JSON object : View

Products Affected

sophos

puremessage_for_microsoft_exchange

CWE

NVD-CWE-Other

{"id": "CVE-2008-7105", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-08-27T20:30:00.627", "references": [{"url": "http://www.securityfocus.com/bid/30881", "source": "cve@mitre.org"}, {"url": "http://www.sophos.com/support/knowledgebase/article/44385.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52925", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/30881", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.sophos.com/support/knowledgebase/article/44385.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52925", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows remote attackers to cause a denial of service (EdgeTransport.exe termination) via a TNEF-encoded message with a crafted rich text body that is not properly handled during conversion to plain text. NOTE: this might be related to CVE-2008-7104."}, {"lang": "es", "value": "PureMessage de Sophos para Microsoft Exchange versiones 3.0 anteriores a 3.0.2, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (terminaci\u00f3n del archivo EdgeTransport.exe) por medio de un mensaje codificado TNEF con un cuerpo de texto rico dise\u00f1ado que no se maneja apropiadamente durante la conversi\u00f3n a texto plano. NOTA: esto podr\u00eda estar relacionado con CVE-2008-7104."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sophos:puremessage_for_microsoft_exchange:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C485701C-D42E-4E4C-8A45-A9AB24B55ADD"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}