Malware Detection Bypass in Sophos Anti-Virus via Internet Explorer
CVE-2008-5541

Currently unrated

Key Information:

Vendor: Sophos
Status: Anti-virus
Vendor: CVE Published:; 12 December 2008

Summary

A security flaw in Sophos Anti-Virus version 4.33.0 allows remote attackers to avoid detection of malware embedded in HTML documents when using Internet Explorer 6 or 7. By inserting an MZ header at the beginning of the document and altering the file extension to either none, .txt, or .jpg, malicious code can exploit this vulnerability. This could potentially expose users to various security threats, as the antivirus software fails to identify the malicious intent of the web page.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/47435

vdb-entryx_refsource_XF

http://securityreason.com/securityalert/4723

third-party-advisoryx_refsource_SREASON

http://www.securityfocus.com/archive/1/499043/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Dec 12, 2008
Vulnerability Reserved
Dec 12, 2008