Remote Code Execution Risk in Sophos Anti-Virus for Windows and Unix/Linux
CVE-2007-4578

Currently unrated

Key Information:

Vendor: Sophos
Status: Anti-virus; Small Business Suite; Scanning Engine
Vendor: CVE Published:; 28 August 2007

Summary

The vulnerability in Sophos Anti-Virus for Windows and Unix/Linux prior to version 2.48.0 allows remote attackers to exploit a flaw in the handling of UPX packed files. By sending specially crafted files, attackers can induce a denial of service by causing the software to crash. Additionally, the nature of the vulnerability has raised concerns about the potential for arbitrary code execution, suggesting that attackers could leverage this issue to run malicious code on affected systems.

References

http://www.vupen.com/english/advisories/2007/2972

vdb-entryx_refsource_VUPEN

http://www.nruns.com/security_advisory_sophos_upx_infinit...

x_refsource_MISC

http://www.securityfocus.com/bid/25428

vdb-entryx_refsource_BID

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 28, 2007
Vulnerability Reserved
Aug 28, 2007