5
CVE-2007-4787
- EPSS 5.67%
- Veröffentlicht 10.09.2007 21:17:00
- Zuletzt bearbeitet 16.06.2026 22:44:47
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The virus detection engine in Sophos Anti-Virus before 2.49.0 does not properly process malformed (1) CAB, (2) LZH, and (3) RAR files with modified headers, which might allow remote attackers to bypass malware detection.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sophos ≫ Scanning Engine Version2.30.4
Sophos ≫ Sophos Anti-virus Version3.4.6
Sophos ≫ Sophos Anti-virus Version3.78
Sophos ≫ Sophos Anti-virus Version3.78d
Sophos ≫ Sophos Anti-virus Version3.79
Sophos ≫ Sophos Anti-virus Version3.80
Sophos ≫ Sophos Anti-virus Version3.81
Sophos ≫ Sophos Anti-virus Version3.82
Sophos ≫ Sophos Anti-virus Version3.83
Sophos ≫ Sophos Anti-virus Version3.84
Sophos ≫ Sophos Anti-virus Version3.85
Sophos ≫ Sophos Anti-virus Version3.86
Sophos ≫ Sophos Anti-virus Version3.90
Sophos ≫ Sophos Anti-virus Version3.91
Sophos ≫ Sophos Anti-virus Version3.95
Sophos ≫ Sophos Anti-virus Version3.96
Sophos ≫ Sophos Anti-virus Version4.04
Sophos ≫ Sophos Anti-virus Version4.05
Sophos ≫ Sophos Anti-virus Version4.5.3
Sophos ≫ Sophos Anti-virus Version4.5.4
Sophos ≫ Sophos Anti-virus Version4.5.11
Sophos ≫ Sophos Anti-virus Version4.5.12
Sophos ≫ Sophos Anti-virus Version4.7.1
Sophos ≫ Sophos Anti-virus Version4.7.2
Sophos ≫ Sophos Anti-virus Version5.0.1
Sophos ≫ Sophos Anti-virus Version5.0.2
Sophos ≫ Sophos Anti-virus Version5.0.4
Sophos ≫ Sophos Anti-virus Version5.1
Sophos ≫ Sophos Anti-virus Version5.2.0
Sophos ≫ Sophos Anti-virus Version5.2.1
Sophos ≫ Sophos Anti-virus Version6.0
Sophos ≫ Sophos Anti-virus Version6.5
Sophos ≫ Sophos Anti-virus Version6.5.4_r2
Sophos ≫ Sophos Anti-virus Version6.5.8
Sophos ≫ Sophos Anti-virus Version7.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 5.67% | 0.92 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://osvdb.org/37988
http://secunia.com/advisories/26726
http://www.securityfocus.com/bid/25574
http://www.sophos.com/support/knowledgebase/article/29146.html
http://www.vupen.com/english/advisories/2007/3078
https://exchange.xforce.ibmcloud.com/vulnerabilities/36502