CVE-2004-1312

Name of the Vulnerable Software and Affected Versions Microsoft HTML library (affected versions not specified) GFI MailEssentials for Exchange versions 9 and 10 GFI MailSecurity for Exchange version 8

Description A bug in the HTML parser of a Microsoft HTML library may allow remote attackers to cause a denial of service via certain strings. This issue has been reported in GFI MailEssentials for Exchange 9 and 10, and GFI MailSecurity for Exchange 8, resulting in emails remaining in IIS or Exchange mail queues.

Recommendations For GFI MailEssentials for Exchange versions 9 and 10, consider implementing input validation to prevent malicious strings from being processed. For GFI MailSecurity for Exchange version 8, restrict the processing of emails that contain potentially malicious HTML content. At the moment, there is no information about a newer version that contains a fix for this vulnerability.