Lucene search
MitreCVE-2007-4787HistorySep 10, 2007 - 9:17 p.m.
CVE-2007-4787
2007-09-1021:17:00
CWE-20
mitre
web.nvd.nist.gov
27
virus detection engine
sophos anti-virus
file processing
malware detection
cve-2007-4787
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
6.7
Confidence
Low
EPSS
0.094
Percentile
94.8%
The virus detection engine in Sophos Anti-Virus before 2.49.0 does not properly process malformed (1) CAB, (2) LZH, and (3) RAR files with modified headers, which might allow remote attackers to bypass malware detection.
Affected configurations
Node
sophosscanning_engineMatch2.30.4
ORsophossophos_anti-virusMatch3.4.6
ORsophossophos_anti-virusMatch3.78
ORsophossophos_anti-virusMatch3.78d
ORsophossophos_anti-virusMatch3.79
ORsophossophos_anti-virusMatch3.80
ORsophossophos_anti-virusMatch3.81
ORsophossophos_anti-virusMatch3.82
ORsophossophos_anti-virusMatch3.83
ORsophossophos_anti-virusMatch3.84
ORsophossophos_anti-virusMatch3.85
ORsophossophos_anti-virusMatch3.86
ORsophossophos_anti-virusMatch3.90
ORsophossophos_anti-virusMatch3.91
ORsophossophos_anti-virusMatch3.95
ORsophossophos_anti-virusMatch3.96
ORsophossophos_anti-virusMatch4.04
ORsophossophos_anti-virusMatch4.05
ORsophossophos_anti-virusMatch4.5.3
ORsophossophos_anti-virusMatch4.5.4
ORsophossophos_anti-virusMatch4.5.11
ORsophossophos_anti-virusMatch4.5.12
ORsophossophos_anti-virusMatch4.7.1
ORsophossophos_anti-virusMatch4.7.2
ORsophossophos_anti-virusMatch5.0.1
ORsophossophos_anti-virusMatch5.0.2
ORsophossophos_anti-virusMatch5.0.4
ORsophossophos_anti-virusMatch5.1
ORsophossophos_anti-virusMatch5.2.0
ORsophossophos_anti-virusMatch5.2.1
ORsophossophos_anti-virusMatch6.0
ORsophossophos_anti-virusMatch6.5
ORsophossophos_anti-virusMatch6.5.4_r2
ORsophossophos_anti-virusMatch6.5.8
ORsophossophos_anti-virusMatch7.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sophos | scanning_engine | 2.30.4 | cpe:2.3:a:sophos:scanning_engine:2.30.4:*:*:*:*:*:*:* |
| sophos | sophos_anti-virus | 3.4.6 | cpe:2.3:a:sophos:sophos_anti-virus:3.4.6:*:*:*:*:*:*:* |
| sophos | sophos_anti-virus | 3.78 | cpe:2.3:a:sophos:sophos_anti-virus:3.78:*:*:*:*:*:*:* |
| sophos | sophos_anti-virus | 3.78d | cpe:2.3:a:sophos:sophos_anti-virus:3.78d:*:*:*:*:*:*:* |
| sophos | sophos_anti-virus | 3.79 | cpe:2.3:a:sophos:sophos_anti-virus:3.79:*:*:*:*:*:*:* |
| sophos | sophos_anti-virus | 3.80 | cpe:2.3:a:sophos:sophos_anti-virus:3.80:*:*:*:*:*:*:* |
| sophos | sophos_anti-virus | 3.81 | cpe:2.3:a:sophos:sophos_anti-virus:3.81:*:*:*:*:*:*:* |
| sophos | sophos_anti-virus | 3.82 | cpe:2.3:a:sophos:sophos_anti-virus:3.82:*:*:*:*:*:*:* |
| sophos | sophos_anti-virus | 3.83 | cpe:2.3:a:sophos:sophos_anti-virus:3.83:*:*:*:*:*:*:* |
| sophos | sophos_anti-virus | 3.84 | cpe:2.3:a:sophos:sophos_anti-virus:3.84:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2007-4787
2007-09-10 21:00:00
nvd
nvd
CVE-2007-4787
2007-09-10 21:17:00
prion
prion
Design/Logic Flaw
2007-09-10 21:17:00
nessus
nessus
Sophos Anti-Virus CAB, RAR and LZH Scanning Evasion
2007-09-07 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
6.7
Confidence
Low
EPSS
0.094
Percentile
94.8%
Related for CVE-2007-4787