File Handling Vulnerability in Sophos Small Business Suite for Windows
CVE-2004-0552

Currently unrated

Key Information:

Vendor: Sophos
Status: Small Business Suite
Vendor: CVE Published:; 3 November 2004

Summary

The Sophos Small Business Suite 1.00 on Windows exhibits a vulnerability in its handling of file names containing reserved MS-DOS device names, such as LPT1, COM1, AUX, CON, and PRN. This oversight can permit malicious code to evade detection during installation, copying, or execution, posing risks to system integrity and data security. Effective mitigations must be implemented to prevent exploitation of this weakness.

References

http://www.idefense.com/application/poi/display?id=143&ty...

third-party-advisoryx_refsource_IDEFENSE

http://www.seifried.org/security/advisories/kssa-005.html

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/17468

vdb-entryx_refsource_XF

EPSS Score

16% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 3, 2004
Vulnerability Reserved
Jun 11, 2004