Cross-Site Scripting Vulnerability in Sophos Anti-Virus for Windows
CVE-2007-4512

Currently unrated

Key Information:

Vendor: Sophos
Status: Anti-virus
Vendor: CVE Published:; 10 September 2007

Summary

A cross-site scripting vulnerability exists in Sophos Anti-Virus for Windows versions prior to 6.5.8 and 7.0.1. This flaw allows remote attackers to execute arbitrary web scripts or HTML via a specially crafted archive containing a file that matches a virus signature. The issue arises from the improper handling of certain filenames in the print functionality of SavMain.exe, which can lead to harmful scripts being executed in the context of the user's browser.

References

http://securityreason.com/securityalert/3107

third-party-advisoryx_refsource_SREASON

http://www.vupen.com/english/advisories/2007/3077

vdb-entryx_refsource_VUPEN

http://www.sophos.com/support/knowledgebase/article/29150...

x_refsource_CONFIRM

Timeline

Vulnerability published
Sep 10, 2007
Vulnerability Reserved
Aug 23, 2007