Vulnerabilities > Sophos > Medium

DATE CVE VULNERABILITY TITLE RISK
2006-11-01 CVE-2006-5645 Resource Management Errors vulnerability in Sophos Anti-Virus and Endpoint Security
Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11, when "Enabled scanning of archives" is set, allows remote attackers to cause a denial of service (infinite loop) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero.
network
low complexity
sophos CWE-399
5.0
2006-11-01 CVE-2006-4839 Denial of Service and Memory Corruption vulnerability in Sophos Anti-Virus 5.1
Sophos Anti-Virus 5.1 allows remote attackers to cause a denial of service (memory consumption) via a file that is compressed with Petite and contains a large number of sections.
network
low complexity
sophos
5.0
2005-12-31 CVE-2005-4680 Remote Security vulnerability in Sophos Anti-Virus
Sophos Anti-Virus before 4.02, 4.5.x before 4.5.9, 4.6.x before 4.6.9, and 5.x before 5.1.4 allow remote attackers to hide arbitrary files and data via crafted ARJ archives, which are not properly scanned.
network
low complexity
sophos
5.0
2005-10-30 CVE-2005-3382 Unspecified vulnerability in Sophos Anti-Virus 3.91Engine2.28.4
Multiple interpretation error in Sophos 3.91 with the 2.28.4 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
network
low complexity
sophos
5.0
2005-10-14 CVE-2005-3216 Security Bypass vulnerability in Sophos Anti-Virus
Multiple interpretation error in unspecified versions of Sophos Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
network
high complexity
sophos
5.1
2005-07-19 CVE-2005-1530 Remote Denial Of Service vulnerability in Sophos Anti-Virus BZip2 Archive Handling
Sophos Anti-Virus 5.0.1, with "Scan inside archive files" enabled, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a Bzip2 archive with a large 'Extra field length' value.
network
low complexity
sophos
5.0
2005-05-14 CVE-2005-1551 Denial-Of-Service vulnerability in Sophos Anti-Virus 3.93
Sophos Anti-Virus 3.93 does not check downloaded files for viruses when they have only been written, which creates a race condition and may allow remote attackers to bypass virus protection if the file is executed before the antivirus starts on system reboot.
network
high complexity
sophos
5.1
2004-12-31 CVE-2004-2075 Denial Of Service vulnerability in Sophos Anti-Virus MIME Header Handling
Sophos Anti-Virus 3.78 allows remote attackers to cause a denial of service (infinite loop) via a MIME header that is not properly terminated.
network
low complexity
sophos
5.0
2004-02-12 CVE-2004-2088 Unspecified vulnerability in Sophos Anti-Virus 3.4.6/3.78
Sophos Anti-Virus 3.78 allows remote attackers to bypass virus scanning by using a qmail generated Delivery Status Notification (DSN) where the original email is not included in the bounce message.
network
low complexity
sophos
5.0