Vulnerabilities > Sophos
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2009-08-27 | CVE-2008-7106 | Unspecified vulnerability in Sophos PureMessage for Microsoft Exchange 3.0 | The installation of Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2, when both anti-virus and anti-spam are supported, does not create or launch the associated scan engines when the system is under heavy load, which has unspecified impact, probably remote bypass of scanner protection or a denial of service (message loss or delay). | 5.0 |
2009-08-27 | CVE-2008-7105 | Denial Of Service vulnerability in Sophos PureMessage for Microsoft Exchange 3.0 | Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows remote attackers to cause a denial of service (EdgeTransport.exe termination) via a TNEF-encoded message with a crafted rich text body that is not properly handled during conversion to plain text. | 5.0 |
2009-08-27 | CVE-2008-7104 | Denial Of Service vulnerability in Sophos PureMessage for Microsoft Exchange 3.0 | Sophos PureMessage Scanner service (PMScanner.exe) in PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows remote attackers to cause a denial of service (message queue delay and incomplete spam rule update) via a crafted (1) RTF or (2) PDF file. | 5.0 |
2009-08-06 | CVE-2008-6904 | File Processing Remote Denial Of Service vulnerability in Sophos Anti-Virus and Anti-Virus 7.6.3 | Multiple unspecified vulnerabilities in Sophos SAVScan 4.33.0 for Linux, and possibly other products and versions, allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via crafted files that have been packed with (1) armadillo, (2) asprotect, or (3) asprotectSKE. | 10.0 |
2009-08-06 | CVE-2008-6903 | Resource Management Errors vulnerability in Sophos Anti-Virus and Anti-Virus 7.6.3 | Sophos Anti-Virus for Windows before 7.6.3, Anti-Virus for Windows NT/9x before 4.7.18, Anti-Virus for OS X before 4.9.18, Anti-Virus for Linux before 6.4.5, Anti-Virus for UNIX before 7.0.5, Anti-Virus for Unix and Netware before 4.37.0, Sophos EM Library, and Sophos small business solutions, when CAB archive scanning is enabled, allows remote attackers to cause a denial of service (segmentation fault) via a "fuzzed" CAB archive file, as demonstrated by the OUSPG PROTOS GENOME test suite for Archive Formats. | 4.3 |
2008-12-12 | CVE-2008-5541 | Improper Input Validation vulnerability in Sophos Anti-Virus 4.33.0 | Sophos Anti-Virus 4.33.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | 9.3 |
2008-07-15 | CVE-2008-3177 | Configuration vulnerability in Sophos products | Sophos virus detection engine 2.75 on Linux and Unix, as used in Sophos Email Appliance, Pure Message for Unix, and Sophos Anti-Virus Interface (SAVI), allows remote attackers to cause a denial of service (engine crash) via zero-length MIME attachments. | 5.0 |
2008-04-30 | CVE-2008-1737 | Improper Input Validation vulnerability in Sophos Anti-Virus 7.0.5 | Sophos Anti-Virus 7.0.5, and other 7.x versions, when Runtime Behavioural Analysis is enabled, allows local users to cause a denial of service (reboot with the product disabled) and possibly gain privileges via a zero value in a certain length field in the ObjectAttributes argument to the NtCreateKey hooked System Service Descriptor Table (SSDT) function. | 6.9 |
2008-02-20 | CVE-2008-0838 | Cross-Site Scripting vulnerability in Sophos ES1000 and ES4000 | Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface in Sophos ES1000 and ES4000 Email Security Appliance 2.1.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) error and (2) go parameters to the login page. | 4.3 |
2007-09-10 | CVE-2007-4787 | Improper Input Validation vulnerability in Sophos Scanning Engine and Sophos Anti-Virus | The virus detection engine in Sophos Anti-Virus before 2.49.0 does not properly process malformed (1) CAB, (2) LZH, and (3) RAR files with modified headers, which might allow remote attackers to bypass malware detection. | 5.0 |