Cross-Site Scripting Vulnerability in Sophos Anti-Virus for Windows
CVE-2007-4512

Currently unrated

Key Information:

Vendor
Sophos
Vendor
CVE Published:
10 September 2007

Summary

A cross-site scripting vulnerability exists in Sophos Anti-Virus for Windows versions prior to 6.5.8 and 7.0.1. This flaw allows remote attackers to execute arbitrary web scripts or HTML via a specially crafted archive containing a file that matches a virus signature. The issue arises from the improper handling of certain filenames in the print functionality of SavMain.exe, which can lead to harmful scripts being executed in the context of the user's browser.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.