CVE-2007-4787

EPSS 1.34%
Veröffentlicht 10.09.2007 21:17:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The virus detection engine in Sophos Anti-Virus before 2.49.0 does not properly process malformed (1) CAB, (2) LZH, and (3) RAR files with modified headers, which might allow remote attackers to bypass malware detection.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sophos ≫ Scanning Engine Version2.30.4

Sophos ≫ Sophos Anti-virus Version3.4.6

Sophos ≫ Sophos Anti-virus Version3.78

Sophos ≫ Sophos Anti-virus Version3.78d

Sophos ≫ Sophos Anti-virus Version3.79

Sophos ≫ Sophos Anti-virus Version3.80

Sophos ≫ Sophos Anti-virus Version3.81

Sophos ≫ Sophos Anti-virus Version3.82

Sophos ≫ Sophos Anti-virus Version3.83

Sophos ≫ Sophos Anti-virus Version3.84

Sophos ≫ Sophos Anti-virus Version3.85

Sophos ≫ Sophos Anti-virus Version3.86

Sophos ≫ Sophos Anti-virus Version3.90

Sophos ≫ Sophos Anti-virus Version3.91

Sophos ≫ Sophos Anti-virus Version3.95

Sophos ≫ Sophos Anti-virus Version3.96

Sophos ≫ Sophos Anti-virus Version4.04

Sophos ≫ Sophos Anti-virus Version4.05

Sophos ≫ Sophos Anti-virus Version4.5.3

Sophos ≫ Sophos Anti-virus Version4.5.4

Sophos ≫ Sophos Anti-virus Version4.5.11

Sophos ≫ Sophos Anti-virus Version4.5.12

Sophos ≫ Sophos Anti-virus Version4.7.1

Sophos ≫ Sophos Anti-virus Version4.7.2

Sophos ≫ Sophos Anti-virus Version5.0.1

Sophos ≫ Sophos Anti-virus Version5.0.2

Sophos ≫ Sophos Anti-virus Version5.0.4

Sophos ≫ Sophos Anti-virus Version5.1

Sophos ≫ Sophos Anti-virus Version5.2.0

Sophos ≫ Sophos Anti-virus Version5.2.1

Sophos ≫ Sophos Anti-virus Version6.0

Sophos ≫ Sophos Anti-virus Version6.5

Sophos ≫ Sophos Anti-virus Version6.5.4_r2

Sophos ≫ Sophos Anti-virus Version6.5.8

Sophos ≫ Sophos Anti-virus Version7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.34%	0.782

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://osvdb.org/37988

http://secunia.com/advisories/26726

http://www.securityfocus.com/bid/25574

http://www.sophos.com/support/knowledgebase/article/29146.html

Patch

http://www.vupen.com/english/advisories/2007/3078

https://exchange.xforce.ibmcloud.com/vulnerabilities/36502

https://nvd.nist.gov/vuln/detail/CVE-2007-4787

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-4787

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-4787

EUVD