File Handling Vulnerability in Sophos Small Business Suite for Windows
CVE-2004-0552

Currently unrated

Key Information:

Vendor
Sophos
Vendor
CVE Published:
3 November 2004

Summary

The Sophos Small Business Suite 1.00 on Windows exhibits a vulnerability in its handling of file names containing reserved MS-DOS device names, such as LPT1, COM1, AUX, CON, and PRN. This oversight can permit malicious code to evade detection during installation, copying, or execution, posing risks to system integrity and data security. Effective mitigations must be implemented to prevent exploitation of this weakness.

References

EPSS Score

16% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.