CVE-2004-1312 - OpenCVE

A bug in the HTML parser in a certain Microsoft HTML library, as used in various third party products, may allow remote attackers to cause a denial of service via certain strings, as reported in GFI MailEssentials for Exchange 9 and 10, and GFI MailSecurity for Exchange 8, which causes emails to remain in IIS or Exchange mail queues.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Gfi	Mailsecurity Mailessentials

Configuration 1 [-]

OR	cpe:2.3:a:gfi:mailessentials:9.0::exchange_smtp:::::
	cpe:2.3:a:gfi:mailessentials:10.0::exchange_smtp:::::
	cpe:2.3:a:gfi:mailessentials:10.1::exchange_smtp:::::
	cpe:2.3:a:gfi:mailsecurity:8.0::exchange_smtp:::::

References

Link	Resource
http://kbase.gfi.com/showarticle.asp?id=KBID002249	Patch Vendor Advisory
http://secunia.com/advisories/13708
http://www.csis.dk/default.asp?m=1&a=194	Vendor Advisory
http://www.securityfocus.com/bid/12148

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2005-01-06T05:00:00

Updated: 2006-01-12T10:00:00

Reserved: 2004-12-21T00:00:00

Link: CVE-2004-1312

JSON object: View

NVD Information

Status : Analyzed

Published: 2005-01-03T05:00:00.000

Modified: 2008-09-05T20:40:57.997

Link: CVE-2004-1312

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-01-03T00:00:00", "descriptions": [{"lang": "en", "value": "A bug in the HTML parser in a certain Microsoft HTML library, as used in various third party products, may allow remote attackers to cause a denial of service via certain strings, as reported in GFI MailEssentials for Exchange 9 and 10, and GFI MailSecurity for Exchange 8, which causes emails to remain in IIS or Exchange mail queues."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2006-01-12T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "13708", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/13708"}, {"name": "12148", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/12148"}, {"tags": ["x_refsource_MISC"], "url": "http://www.csis.dk/default.asp?m=1&a=194"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://kbase.gfi.com/showarticle.asp?id=KBID002249"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1312", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A bug in the HTML parser in a certain Microsoft HTML library, as used in various third party products, may allow remote attackers to cause a denial of service via certain strings, as reported in GFI MailEssentials for Exchange 9 and 10, and GFI MailSecurity for Exchange 8, which causes emails to remain in IIS or Exchange mail queues."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "13708", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/13708"}, {"name": "12148", "refsource": "BID", "url": "http://www.securityfocus.com/bid/12148"}, {"name": "http://www.csis.dk/default.asp?m=1&a=194", "refsource": "MISC", "url": "http://www.csis.dk/default.asp?m=1&a=194"}, {"name": "http://kbase.gfi.com/showarticle.asp?id=KBID002249", "refsource": "CONFIRM", "url": "http://kbase.gfi.com/showarticle.asp?id=KBID002249"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1312", "datePublished": "2005-01-06T05:00:00", "dateReserved": "2004-12-21T00:00:00", "dateUpdated": "2006-01-12T10:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gfi:mailessentials:9.0:*:exchange_smtp:*:*:*:*:*", "matchCriteriaId": "F3462301-EA9D-4C0B-B1A0-84DD4B820694", "vulnerable": true}, {"criteria": "cpe:2.3:a:gfi:mailessentials:10.0:*:exchange_smtp:*:*:*:*:*", "matchCriteriaId": "F14F6467-7AE0-4C46-B6D2-0E5F549323D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:gfi:mailessentials:10.1:*:exchange_smtp:*:*:*:*:*", "matchCriteriaId": "892E89FE-7EFB-4AC8-90A8-36E5CD214E05", "vulnerable": true}, {"criteria": "cpe:2.3:a:gfi:mailsecurity:8.0:*:exchange_smtp:*:*:*:*:*", "matchCriteriaId": "4B4B0B29-A1FF-4601-A680-423912279A3D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A bug in the HTML parser in a certain Microsoft HTML library, as used in various third party products, may allow remote attackers to cause a denial of service via certain strings, as reported in GFI MailEssentials for Exchange 9 and 10, and GFI MailSecurity for Exchange 8, which causes emails to remain in IIS or Exchange mail queues."}], "id": "CVE-2004-1312", "lastModified": "2008-09-05T20:40:57.997", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-01-03T05:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://kbase.gfi.com/showarticle.asp?id=KBID002249"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/13708"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.csis.dk/default.asp?m=1&a=194"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/12148"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}