CVE-2004-0552 - Unspecified vulnerability in Sophos Small Business Suite

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Summary

Sophos Small Business Suite 1.00 on Windows does not properly handle files whose names contain reserved MS-DOS device names such as (1) LPT1, (2) COM1, (3) AUX, (4) CON, or (5) PRN, which can allow malicious code to bypass detection when it is installed, copied, or executed.

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

description: Sophos Anti-Virus 3.x Reserved MS-DOS Name Scan Evasion Vulnerability. CVE-2004-0552. Remote exploit for windows platform
id: EDB-ID:24623
last seen: 2016-02-02
modified: 2004-09-22
published: 2004-09-22
reporter: Kurt Seifried
source: https://www.exploit-db.com/download/24623/
title: Sophos Anti-Virus 3.x - Reserved MS-DOS Name Scan Evasion Vulnerability

Refmap

idefense: 20040922 Sophos Small Business Suite Reserved Device Name Handling Vulnerability
misc: http://www.seifried.org/security/advisories/kssa-005.html
xf: sophos-business-security-bypass(17468)