Remote Code Execution Risk in Sophos Anti-Virus for Windows and Unix/Linux
CVE-2007-4578
Currently unrated
Key Information:
- Vendor
- Sophos
- Vendor
- CVE Published:
- 28 August 2007
Summary
The vulnerability in Sophos Anti-Virus for Windows and Unix/Linux prior to version 2.48.0 allows remote attackers to exploit a flaw in the handling of UPX packed files. By sending specially crafted files, attackers can induce a denial of service by causing the software to crash. Additionally, the nature of the vulnerability has raised concerns about the potential for arbitrary code execution, suggesting that attackers could leverage this issue to run malicious code on affected systems.
References
EPSS Score
8% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved