CVE-2007-4787

EPSS 1.34%
Published 10.09.2007 21:17:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

The virus detection engine in Sophos Anti-Virus before 2.49.0 does not properly process malformed (1) CAB, (2) LZH, and (3) RAR files with modified headers, which might allow remote attackers to bypass malware detection.

Affected products Warnungen 0 Metrics 2 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Sophos ≫ Scanning Engine Version2.30.4

Sophos ≫ Sophos Anti-virus Version3.4.6

Sophos ≫ Sophos Anti-virus Version3.78

Sophos ≫ Sophos Anti-virus Version3.78d

Sophos ≫ Sophos Anti-virus Version3.79

Sophos ≫ Sophos Anti-virus Version3.80

Sophos ≫ Sophos Anti-virus Version3.81

Sophos ≫ Sophos Anti-virus Version3.82

Sophos ≫ Sophos Anti-virus Version3.83

Sophos ≫ Sophos Anti-virus Version3.84

Sophos ≫ Sophos Anti-virus Version3.85

Sophos ≫ Sophos Anti-virus Version3.86

Sophos ≫ Sophos Anti-virus Version3.90

Sophos ≫ Sophos Anti-virus Version3.91

Sophos ≫ Sophos Anti-virus Version3.95

Sophos ≫ Sophos Anti-virus Version3.96

Sophos ≫ Sophos Anti-virus Version4.04

Sophos ≫ Sophos Anti-virus Version4.05

Sophos ≫ Sophos Anti-virus Version4.5.3

Sophos ≫ Sophos Anti-virus Version4.5.4

Sophos ≫ Sophos Anti-virus Version4.5.11

Sophos ≫ Sophos Anti-virus Version4.5.12

Sophos ≫ Sophos Anti-virus Version4.7.1

Sophos ≫ Sophos Anti-virus Version4.7.2

Sophos ≫ Sophos Anti-virus Version5.0.1

Sophos ≫ Sophos Anti-virus Version5.0.2

Sophos ≫ Sophos Anti-virus Version5.0.4

Sophos ≫ Sophos Anti-virus Version5.1

Sophos ≫ Sophos Anti-virus Version5.2.0

Sophos ≫ Sophos Anti-virus Version5.2.1

Sophos ≫ Sophos Anti-virus Version6.0

Sophos ≫ Sophos Anti-virus Version6.5

Sophos ≫ Sophos Anti-virus Version6.5.4_r2

Sophos ≫ Sophos Anti-virus Version6.5.8

Sophos ≫ Sophos Anti-virus Version7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.34%	0.782

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://osvdb.org/37988

http://secunia.com/advisories/26726

http://www.securityfocus.com/bid/25574

http://www.sophos.com/support/knowledgebase/article/29146.html

Patch

http://www.vupen.com/english/advisories/2007/3078

https://exchange.xforce.ibmcloud.com/vulnerabilities/36502

https://nvd.nist.gov/vuln/detail/CVE-2007-4787

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-4787

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-4787

EUVD