Vulnerabilities > Sophos > Sophos Anti Virus

DATE CVE VULNERABILITY TITLE RISK
2012-03-21 CVE-2012-1438 Permissions, Privileges, and Access Controls vulnerability in multiple products
The Microsoft Office file parser in Comodo Antivirus 7425 and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via an Office file with a ustar character sequence at a certain location.
4.3
2012-03-21 CVE-2012-1431 Permissions, Privileges, and Access Controls vulnerability in multiple products
The ELF file parser in Bitdefender 7.2, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Gateway (formerly Webwasher) 2010.1C, nProtect Anti-Virus 2011-01-17.01, Sophos Anti-Virus 4.61.0, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via an ELF file with a \4a\46\49\46 character sequence at a certain location.
4.3
2012-03-21 CVE-2012-1430 Permissions, Privileges, and Access Controls vulnerability in multiple products
The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, nProtect Anti-Virus 2011-01-17.01, Sophos Anti-Virus 4.61.0, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via an ELF file with a \19\04\00\10 character sequence at a certain location.
4.3
2012-03-21 CVE-2012-1428 Permissions, Privileges, and Access Controls vulnerability in multiple products
The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with a \4a\46\49\46 character sequence at a certain location.
4.3
2012-03-21 CVE-2012-1427 Permissions, Privileges, and Access Controls vulnerability in multiple products
The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with a \57\69\6E\5A\69\70 character sequence at a certain location.
4.3
2012-03-21 CVE-2012-1424 Permissions, Privileges, and Access Controls vulnerability in multiple products
The TAR file parser in Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Jiangmin Antivirus 13.0.900, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with a \19\04\00\10 character sequence at a certain location.
4.3
2008-07-15 CVE-2008-3177 Configuration vulnerability in Sophos products
Sophos virus detection engine 2.75 on Linux and Unix, as used in Sophos Email Appliance, Pure Message for Unix, and Sophos Anti-Virus Interface (SAVI), allows remote attackers to cause a denial of service (engine crash) via zero-length MIME attachments.
network
low complexity
sophos CWE-16
5.0
2007-09-10 CVE-2007-4787 Improper Input Validation vulnerability in Sophos Scanning Engine and Sophos Anti-Virus
The virus detection engine in Sophos Anti-Virus before 2.49.0 does not properly process malformed (1) CAB, (2) LZH, and (3) RAR files with modified headers, which might allow remote attackers to bypass malware detection.
network
low complexity
sophos CWE-20
5.0
2006-12-12 CVE-2006-6335 Buffer Overflow vulnerability in Sophos Anti-Virus 2.3
Multiple buffer overflows in Sophos Anti-Virus scanning engine before 2.40 allow remote attackers to execute arbitrary code via (1) a SIT archive with a long filename that is not null-terminated, which triggers a heap-based overflow in veex.dll due to improper length calculation, and (2) a CPIO archive, with a long filename that is not null-terminated, which triggers a stack-based overflow in veex.dll.
network
low complexity
sophos
critical
10.0
2006-11-01 CVE-2006-4839 Denial of Service and Memory Corruption vulnerability in Sophos Anti-Virus 5.1
Sophos Anti-Virus 5.1 allows remote attackers to cause a denial of service (memory consumption) via a file that is compressed with Petite and contains a large number of sections.
network
low complexity
sophos
5.0