• IDP Daily Update #1312
  posted: 11/18/08
  
• NSM Daily Update #1312
  posted: 11/18/08
  
• Deep Inspection 5.3r5 and above, 5.4, 6.0 #1312
  posted: 11/18/08
  
• Deep Inspection 5.1, 5.2, 5.3r4 and below #1300
  posted: 11/18/08
  
• Deep Inspection 5.0 #1132
  posted: 04/01/08
  
• Antivirus
  posted: 11/17/08

Text Size:        

• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: PureMessage for Microsoft Exchange RTF Multiple Denial Of Service Vulnerabilities

Severity: MODERATE

Description:

PureMessage for Microsoft Exchange is an email scanning and filtering product for Microsoft Exchange.

PureMessage for Microsoft Exchange is prone to multiple remote denial-of-service vulnerabilities because the application fails to properly process certain messages.

The following denial-of-service vulnerabilities are present:

1. Sophos PureMessage Scanner service ('PMScanner.exe') may crash when processing certain PDF and rich text (RTF) files.

2. The process 'EdgeTransport.exe' may crash when PureMessage modifies the RTF content of TNEF-encoded messages.

An attacker may exploit these issues to crash the affected application, denying service to legitimate users.

PureMessage 3.0 is vulnerable; other versions may also be affected.

Affected Products:

• Sophos PureMessage for Microsoft Exchange 3.0

References:

• Sophos: Advisory: PureMessage for Microsoft Exchange, version 3.0, updating to version 3
• Sophos: PureMessage for Microsoft Exchange Homepage