CVE-2007-4512

Currently unrated

Key Information:

Vendor: Sophos
Status: Anti-virus
Vendor: CVE Published:; 10 September 2007

Summary

Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for Windows 6.x before 6.5.8 and 7.x before 7.0.1 allows remote attackers to inject arbitrary web script or HTML via an archive with a file that matches a virus signature and has a crafted filename that is not properly handled by the print function in SavMain.exe.

References

http://securityreason.com/securityalert/3107

third-party-advisoryx_refsource_SREASON

http://www.vupen.com/english/advisories/2007/3077

vdb-entryx_refsource_VUPEN

http://www.sophos.com/support/knowledgebase/article/29150...

x_refsource_CONFIRM

Timeline

Vulnerability published
Sep 10, 2007
Vulnerability Reserved
Aug 23, 2007