Remote Code Execution Risk in Sophos Anti-Virus for Windows and Unix/Linux
CVE-2007-4578

Currently unrated

Key Information:

Vendor
Sophos
Vendor
CVE Published:
28 August 2007

Summary

The vulnerability in Sophos Anti-Virus for Windows and Unix/Linux prior to version 2.48.0 allows remote attackers to exploit a flaw in the handling of UPX packed files. By sending specially crafted files, attackers can induce a denial of service by causing the software to crash. Additionally, the nature of the vulnerability has raised concerns about the potential for arbitrary code execution, suggesting that attackers could leverage this issue to run malicious code on affected systems.

References

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.