Sophos » Small Business Suite : Security Vulnerabilities, CVEs,

CVE-2007-4578

Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UPX packed file, resulting from an "integer cast around". NOTE: as of 20070828, the vendor says this is a DoS and the researcher says this allows code execution, but the researcher is reliable.
Max CVSS
6.8
EPSS Score
11.42%
Published
2007-08-28
Updated
2018-10-15

CVE-2007-4577

Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed BZip file that results in the creation of multiple Engine temporary files (aka a "BZip bomb").
Max CVSS
7.8
EPSS Score
4.49%
Published
2007-08-28
Updated
2018-10-15

CVE-2004-0552

Sophos Small Business Suite 1.00 on Windows does not properly handle files whose names contain reserved MS-DOS device names such as (1) LPT1, (2) COM1, (3) AUX, (4) CON, or (5) PRN, which can allow malicious code to bypass detection when it is installed, copied, or executed.
Max CVSS
7.5
EPSS Score
84.26%
Published
2004-11-03
Updated
2017-07-11
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close