Vulnerabilities > CVE-2004-0552 - Unspecified vulnerability in Sophos Small Business Suite

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
sophos
exploit available

Summary

Sophos Small Business Suite 1.00 on Windows does not properly handle files whose names contain reserved MS-DOS device names such as (1) LPT1, (2) COM1, (3) AUX, (4) CON, or (5) PRN, which can allow malicious code to bypass detection when it is installed, copied, or executed.

Vulnerable Configurations

Part Description Count
Application
Sophos
1

Exploit-Db

descriptionSophos Anti-Virus 3.x Reserved MS-DOS Name Scan Evasion Vulnerability. CVE-2004-0552. Remote exploit for windows platform
idEDB-ID:24623
last seen2016-02-02
modified2004-09-22
published2004-09-22
reporterKurt Seifried
sourcehttps://www.exploit-db.com/download/24623/
titleSophos Anti-Virus 3.x - Reserved MS-DOS Name Scan Evasion Vulnerability