CVE-2024-10635 Information

Description

Enterprise Protection contains an improper input validation vulnerability in attachment defense that allows an unauthenticated remote attacker to bypass attachment scanning security policy by sending a malicious S/MIME attachment with an opaque signature. When opened by a recipient in a downstream email client the malicious attachment could cause partial loss of integrity and confidentiality to their system.

Reference

https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2025-0002