Remote File Execution Vulnerability in Sophos Antivirus Software
CVE-2005-3382

Currently unrated

Key Information:

Vendor: Sophos
Status: Sophos Anti-virus
Vendor: CVE Published:; 30 October 2005

Summary

The vulnerability in Sophos Antivirus 3.91, related to an error in file interpretation, enables attackers to bypass the virus scanning mechanism. Specifically, files with an 'MZ' magic byte sequence, typically indicative of executable files, may be misclassified as safe types. This flaw allows malicious files with HTML, BAT, or EML contents to evade detection, potentially leading to execution on the system. An example of this exploit is demonstrated through a 'triple headed' program containing mixed file types, which illustrates the risk posed by this magic byte issue. Organizations using affected versions of Sophos should consider implementing stricter file type controls and scanning mechanisms.

References

http://www.securityfocus.com/bid/15189

vdb-entryx_refsource_BID

http://www.securityelf.org/magicbyte.html

x_refsource_MISC

http://www.securityelf.org/magicbyteadv.html

x_refsource_MISC

Timeline

Vulnerability published
Oct 30, 2005
Vulnerability Reserved
Oct 29, 2005