CVE-2007-4787
https://notcve.org/view.php?id=CVE-2007-4787
The virus detection engine in Sophos Anti-Virus before 2.49.0 does not properly process malformed (1) CAB, (2) LZH, and (3) RAR files with modified headers, which might allow remote attackers to bypass malware detection. El motor de detección de virus en Sophos Anti-Virus anterior a 2.49.0 no procesa adecuadamente los archivos malformados (1) CAB, (2) LZH, y (3) RAR con cabeceras modificadas, lo cual podría permitir a atacantes remotos evitar la detección de código malicioso. • http://osvdb.org/37988 http://secunia.com/advisories/26726 http://www.securityfocus.com/bid/25574 http://www.sophos.com/support/knowledgebase/article/29146.html http://www.vupen.com/english/advisories/2007/3078 https://exchange.xforce.ibmcloud.com/vulnerabilities/36502 • CWE-20: Improper Input Validation •
CVE-2006-4839
https://notcve.org/view.php?id=CVE-2006-4839
Sophos Anti-Virus 5.1 allows remote attackers to cause a denial of service (memory consumption) via a file that is compressed with Petite and contains a large number of sections. Sophos Anti-Virus 5.1 permite a atacantes remotos provocar una denegación de servicio (agotamiento de memoria) mediante un fichero comprimido con Petite que contiene un gran número de secciones. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=438 http://secunia.com/advisories/22635 http://securitytracker.com/id?1017132 http://www.securityfocus.com/bid/20816 http://www.sophos.com/support/knowledgebase/article/7609.html http://www.vupen.com/english/advisories/2006/4239 https://exchange.xforce.ibmcloud.com/vulnerabilities/29918 •
CVE-2006-0994 – Sophos Anti-Virus CAB Unpacking Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2006-0994
Multiple Sophos Anti-Virus products, including Anti-Virus for Windows 5.x before 5.2.1 and 4.x before 4.05, when cabinet file inspection is enabled, allows remote attackers to execute arbitrary code via a CAB file with "invalid folder count values," which leads to heap corruption. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sophos AntiVirus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the unpacking of Microsoft Cabinet files that contain invalid folder count values within the CAB header. Parsing of a specially crafted cabinet file can lead to an exploitable heap corruption. This vulnerability is only exposed when cabinet file inspection is explicitly enabled. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045897.html http://secunia.com/advisories/20028 http://securityreason.com/securityalert/869 http://securitytracker.com/id?1016041 http://www.securityfocus.com/archive/1/433272/100/0/threaded http://www.securityfocus.com/bid/17876 http://www.vupen.com/english/advisories/2006/1730 http://www.zerodayinitiative.com/advisories/ZDI-06-012.html https://exchange.xforce.ibmcloud.com/vulnerabilities/26305 •
CVE-2005-4680
https://notcve.org/view.php?id=CVE-2005-4680
Sophos Anti-Virus before 4.02, 4.5.x before 4.5.9, 4.6.x before 4.6.9, and 5.x before 5.1.4 allow remote attackers to hide arbitrary files and data via crafted ARJ archives, which are not properly scanned. • http://www.sophos.com/support/knowledgebase/article/3803.html http://www.vupen.com/english/advisories/2006/0347 https://exchange.xforce.ibmcloud.com/vulnerabilities/24345 •