Описание
The virus detection engine in Sophos Anti-Virus before 2.49.0 does not properly process malformed (1) CAB, (2) LZH, and (3) RAR files with modified headers, which might allow remote attackers to bypass malware detection.
Ссылки
- Patch
- Patch
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sophos:scanning_engine:2.30.4:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:3.4.6:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:3.78:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:3.78d:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:3.79:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:3.80:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:3.81:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:3.82:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:3.83:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:3.84:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:3.85:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:3.86:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:3.90:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:3.91:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:3.95:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:3.96:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:4.04:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:4.05:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:4.5.3:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:4.5.4:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:4.5.11:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:4.5.12:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:4.7.1:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:4.7.2:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:5.1:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:6.0:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:6.5:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:6.5.4_r2:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:6.5.8:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:7.0:*:*:*:*:*:*:*
EPSS
Процентиль: 79%
0.01341
Низкий
5 Medium
CVSS2
Дефекты
CWE-20
Связанные уязвимости
github
больше 3 лет назад
The virus detection engine in Sophos Anti-Virus before 2.49.0 does not properly process malformed (1) CAB, (2) LZH, and (3) RAR files with modified headers, which might allow remote attackers to bypass malware detection.
EPSS
Процентиль: 79%
0.01341
Низкий
5 Medium
CVSS2
Дефекты
CWE-20