CVE-2008-7105 - Vulnerability Details - OpenCVE

Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows remote attackers to cause a denial of service (EdgeTransport.exe termination) via a TNEF-encoded message with a crafted rich text body that is not properly handled during conversion to plain text. NOTE: this might be related to CVE-2008-7104.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sophos	Puremessage For Microsoft Exchange

Configuration 1 [-]

cpe:2.3:a:sophos:puremessage_for_microsoft_exchange:3.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/30881
http://www.sophos.com/support/knowledgebase/article/44385.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/52925

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-08-27T20:00:00

Updated: 2024-08-07T11:56:14.109Z

Reserved: 2009-08-27T00:00:00

Link: CVE-2008-7105

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-08-27T20:30:00.627

Modified: 2024-11-21T00:58:17.247

Link: CVE-2008-7105

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-08-28T00:00:00", "descriptions": [{"lang": "en", "value": "Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows remote attackers to cause a denial of service (EdgeTransport.exe termination) via a TNEF-encoded message with a crafted rich text body that is not properly handled during conversion to plain text. NOTE: this might be related to CVE-2008-7104."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "30881", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/30881"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.sophos.com/support/knowledgebase/article/44385.html"}, {"name": "puremessage-edgetransport-dos(52925)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52925"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-7105", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows remote attackers to cause a denial of service (EdgeTransport.exe termination) via a TNEF-encoded message with a crafted rich text body that is not properly handled during conversion to plain text. NOTE: this might be related to CVE-2008-7104."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "30881", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30881"}, {"name": "http://www.sophos.com/support/knowledgebase/article/44385.html", "refsource": "CONFIRM", "url": "http://www.sophos.com/support/knowledgebase/article/44385.html"}, {"name": "puremessage-edgetransport-dos(52925)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52925"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T11:56:14.109Z"}, "title": "CVE Program Container", "references": [{"name": "30881", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/30881"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.sophos.com/support/knowledgebase/article/44385.html"}, {"name": "puremessage-edgetransport-dos(52925)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52925"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-7105", "datePublished": "2009-08-27T20:00:00", "dateReserved": "2009-08-27T00:00:00", "dateUpdated": "2024-08-07T11:56:14.109Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sophos:puremessage_for_microsoft_exchange:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "C485701C-D42E-4E4C-8A45-A9AB24B55ADD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows remote attackers to cause a denial of service (EdgeTransport.exe termination) via a TNEF-encoded message with a crafted rich text body that is not properly handled during conversion to plain text. NOTE: this might be related to CVE-2008-7104."}, {"lang": "es", "value": "PureMessage de Sophos para Microsoft Exchange versiones 3.0 anteriores a 3.0.2, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (terminaci\u00f3n del archivo EdgeTransport.exe) por medio de un mensaje codificado TNEF con un cuerpo de texto rico dise\u00f1ado que no se maneja apropiadamente durante la conversi\u00f3n a texto plano. NOTA: esto podr\u00eda estar relacionado con CVE-2008-7104."}], "id": "CVE-2008-7105", "lastModified": "2024-11-21T00:58:17.247", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-08-27T20:30:00.627", "references": [{"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/30881"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.sophos.com/support/knowledgebase/article/44385.html"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52925"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/30881"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.sophos.com/support/knowledgebase/article/44385.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52925"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}