CVE-2007-4578

Currently unrated

Key Information:

Vendor
Sophos
Status
Anti-virus
Small Business Suite
Scanning Engine
Vendor
CVE Published:
28 August 2007

Summary

Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UPX packed file, resulting from an "integer cast around". NOTE: as of 20070828, the vendor says this is a DoS and the researcher says this allows code execution, but the researcher is reliable.

References

http://www.vupen.com/english/advisories/2007/2972
vdb-entryx_refsource_VUPEN
http://www.nruns.com/security_advisory_sophos_upx_infinit...
x_refsource_MISC
http://www.securityfocus.com/bid/25428
vdb-entryx_refsource_BID

EPSS Score

9% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.