Antivirus Protection Bypass in Sophos Products
CVE-2004-0937

Currently unrated

Key Information:

Vendor: Eset Software
Status: Nod32 Antivirus; Kaspersky Anti-virus; Sophos Small Business Suite; Sophos Anti-virus
Vendor: CVE Published:; 9 February 2005

🔔 Create Eset Software Vulnerability Alert

What is CVE-2004-0937?

Sophos Anti-Virus prior to version 3.87.0 and versions for Windows 95, 98, and Me before 3.88.0 are susceptible to a vulnerability that allows remote attackers to evade antivirus protections. This occurs when a compressed file containing both local and global headers set to zero is utilized, enabling the file to be opened on a targeted system without triggering security mechanisms.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/17761

vdb-entryx_refsource_XF

http://www.kb.cert.org/vuls/id/968818

third-party-advisoryx_refsource_CERT-VN

http://www.securityfocus.com/bid/11448

vdb-entryx_refsource_BID

EPSS Score

13% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 9, 2005
Vulnerability Reserved
Oct 5, 2004

JSON