Vulnerabilities > Sophos
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-09-10 | CVE-2007-4512 | Cross-Site Scripting vulnerability in Sophos Anti-Virus Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for Windows 6.x before 6.5.8 and 7.x before 7.0.1 allows remote attackers to inject arbitrary web script or HTML via an archive with a file that matches a virus signature and has a crafted filename that is not properly handled by the print function in SavMain.exe. | 4.3 |
| 2007-08-28 | CVE-2007-4578 | Numeric Errors vulnerability in Sophos Anti-Virus, Scanning Engine and Small Business Suite Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UPX packed file, resulting from an "integer cast around". | 6.8 |
| 2007-08-28 | CVE-2007-4577 | Resource Management Errors vulnerability in Sophos Anti-Virus, Scanning Engine and Small Business Suite Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed BZip file that results in the creation of multiple Engine temporary files (aka a "BZip bomb"). | 7.8 |
| 2006-12-12 | CVE-2006-6335 | Buffer Overflow vulnerability in Sophos Anti-Virus 2.3 Multiple buffer overflows in Sophos Anti-Virus scanning engine before 2.40 allow remote attackers to execute arbitrary code via (1) a SIT archive with a long filename that is not null-terminated, which triggers a heap-based overflow in veex.dll due to improper length calculation, and (2) a CPIO archive, with a long filename that is not null-terminated, which triggers a stack-based overflow in veex.dll. | 10.0 |
| 2006-11-01 | CVE-2006-5647 | Buffer Errors vulnerability in Sophos Anti-Virus and Endpoint Security Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a malformed CHM file with a large name length in the CHM chunk header, aka "CHM name length memory consumption vulnerability." | 6.4 |
| 2006-11-01 | CVE-2006-5646 | Buffer Errors vulnerability in Sophos Anti-Virus and Endpoint Security Heap-based buffer overflow in Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11, when archive scanning is enabled, allows remote attackers to trigger a denial of service (memory corruption) via a CHM file with an LZX decompression header that specifies a Window_size of 0. | 5.0 |
| 2006-11-01 | CVE-2006-5645 | Resource Management Errors vulnerability in Sophos Anti-Virus and Endpoint Security Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11, when "Enabled scanning of archives" is set, allows remote attackers to cause a denial of service (infinite loop) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero. | 5.0 |
| 2006-11-01 | CVE-2006-4839 | Denial of Service and Memory Corruption vulnerability in Sophos Anti-Virus 5.1 Sophos Anti-Virus 5.1 allows remote attackers to cause a denial of service (memory consumption) via a file that is compressed with Petite and contains a large number of sections. | 5.0 |
| 2006-05-10 | CVE-2006-0994 | Remote Heap Overflow vulnerability in Sophos Anti-Virus CAB File Scanning Multiple Sophos Anti-Virus products, including Anti-Virus for Windows 5.x before 5.2.1 and 4.x before 4.05, when cabinet file inspection is enabled, allows remote attackers to execute arbitrary code via a CAB file with "invalid folder count values," which leads to heap corruption. | 7.5 |
| 2005-12-31 | CVE-2005-4680 | Remote Security vulnerability in Sophos Anti-Virus Sophos Anti-Virus before 4.02, 4.5.x before 4.5.9, 4.6.x before 4.6.9, and 5.x before 5.1.4 allow remote attackers to hide arbitrary files and data via crafted ARJ archives, which are not properly scanned. | 5.0 |