CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
94.8%
The virus detection engine in Sophos Anti-Virus before 2.49.0 does not properly process malformed (1) CAB, (2) LZH, and (3) RAR files with modified headers, which might allow remote attackers to bypass malware detection.
Vendor | Product | Version | CPE |
---|---|---|---|
sophos | scanning_engine | 2.30.4 | cpe:2.3:a:sophos:scanning_engine:2.30.4:*:*:*:*:*:*:* |
sophos | sophos_anti-virus | 3.4.6 | cpe:2.3:a:sophos:sophos_anti-virus:3.4.6:*:*:*:*:*:*:* |
sophos | sophos_anti-virus | 3.78 | cpe:2.3:a:sophos:sophos_anti-virus:3.78:*:*:*:*:*:*:* |
sophos | sophos_anti-virus | 3.78d | cpe:2.3:a:sophos:sophos_anti-virus:3.78d:*:*:*:*:*:*:* |
sophos | sophos_anti-virus | 3.79 | cpe:2.3:a:sophos:sophos_anti-virus:3.79:*:*:*:*:*:*:* |
sophos | sophos_anti-virus | 3.80 | cpe:2.3:a:sophos:sophos_anti-virus:3.80:*:*:*:*:*:*:* |
sophos | sophos_anti-virus | 3.81 | cpe:2.3:a:sophos:sophos_anti-virus:3.81:*:*:*:*:*:*:* |
sophos | sophos_anti-virus | 3.82 | cpe:2.3:a:sophos:sophos_anti-virus:3.82:*:*:*:*:*:*:* |
sophos | sophos_anti-virus | 3.83 | cpe:2.3:a:sophos:sophos_anti-virus:3.83:*:*:*:*:*:*:* |
sophos | sophos_anti-virus | 3.84 | cpe:2.3:a:sophos:sophos_anti-virus:3.84:*:*:*:*:*:*:* |