CVSS: 5.0EPSS: 0%CPEs: 168EXPL: 0CVE-2010-1425
https://notcve.org/view.php?id=CVE-2010-1425
F-Secure Internet Security 2010 and earlier; Anti-Virus for Microsoft Exchange 9 and earlier, and for MIMEsweeper 5.61 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, and for Linux 4.02 and earlier; Anti-Virus 2010 and earlier; Home Server Security 2009; Protection Service for Consumers 9 and earlier, for Business - Workstation security 9 and earlier, for Business - Server Security 8 and earlier, and for E-mail and Server security 9 and earlier; Mac Protection build 8060 and earlier; Client Security 9 and earlier; and various Anti-Virus products for Windows, Linux, and Citrix; does not properly detect malware in crafted (1) 7Z, (2) GZIP, (3) CAB, or (4) RAR archives, which makes it easier for remote attackers to avoid detection. F-Secure Internet Security 2010 y anteriores; Anti-Virus para Microsoft Exchange 9 y anteriores, y para MIMEsweeper v5.61 y anteriores; Internet Gatekeeper para Windows v6.61 y anteriores, y para Linux v4.02 y anteriores; Anti-Virus 2010 y anteriores; Home Server Security 2009; Protection Service para Consumers 9 y anteriores, para Business - Workstation security 9 y anteriores, para Business - Server Security 8 y anteriores, y para E-mail y Server security 9 y anteriores; Mac Protection build 8060 y anteriores; Client Security 9 y anteriores; y varios productos Anti-Virus para Windows, Linux, y Citrix no detectan adecuadamente malware en archivos (1) 7Z, (2) GZIP, (3) CAB, o (4) RAR manipulados, lo que facilita a atacantes evitar la detección. • http://secunia.com/advisories/39396 http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-1.html http://www.securitytracker.com/id?1023841 http://www.securitytracker.com/id?1023842 http://www.securitytracker.com/id?1023843 http://www.vupen.com/english/advisories/2010/0855 •
CVSS: 6.8EPSS: 1%CPEs: 19EXPL: 0CVE-2009-1782
https://notcve.org/view.php?id=CVE-2009-1782
Multiple F-Secure anti-virus products, including Anti-Virus for Microsoft Exchange 7.10 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, Windows 6.61 and earlier, and Linux 2.16 and earlier; Internet Security 2009 and earlier, Anti-Virus 2009 and earlier, Client Security 8.0 and earlier, and others; allow remote attackers to bypass malware detection via a crafted (1) ZIP and (2) RAR archive. Múltiples productos antivirus F-Secure, incluidos: Anti-Virus for Microsoft Exchange v7.10 y anteriores; Internet Gatekeeper for Windows v6.61 y anteriores, Windows v6.61 y anteriores, y Linux v2.16 y anteriores; Internet Security 2009 y anteriores, Anti-Virus 2009 y anteriores, Client Security v8.0 y anteriores y otros; permiten a atacantes remotos saltar la detección de software malicioso mediante archivos (1) .ZIP y (2) .RAR manipulados. • http://secunia.com/advisories/35008 http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2009-1.html http://www.securityfocus.com/bid/34849 http://www.securitytracker.com/id?1022170 http://www.securitytracker.com/id?1022171 http://www.securitytracker.com/id?1022172 http://www.vupen.com/english/advisories/2009/1262 https://exchange.xforce.ibmcloud.com/vulnerabilities/50346 •
CVSS: 5.0EPSS: 9%CPEs: 35EXPL: 0CVE-2007-4787
https://notcve.org/view.php?id=CVE-2007-4787
The virus detection engine in Sophos Anti-Virus before 2.49.0 does not properly process malformed (1) CAB, (2) LZH, and (3) RAR files with modified headers, which might allow remote attackers to bypass malware detection. El motor de detección de virus en Sophos Anti-Virus anterior a 2.49.0 no procesa adecuadamente los archivos malformados (1) CAB, (2) LZH, y (3) RAR con cabeceras modificadas, lo cual podría permitir a atacantes remotos evitar la detección de código malicioso. • http://osvdb.org/37988 http://secunia.com/advisories/26726 http://www.securityfocus.com/bid/25574 http://www.sophos.com/support/knowledgebase/article/29146.html http://www.vupen.com/english/advisories/2007/3078 https://exchange.xforce.ibmcloud.com/vulnerabilities/36502 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2007-4512
https://notcve.org/view.php?id=CVE-2007-4512
Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for Windows 6.x before 6.5.8 and 7.x before 7.0.1 allows remote attackers to inject arbitrary web script or HTML via an archive with a file that matches a virus signature and has a crafted filename that is not properly handled by the print function in SavMain.exe. Una vulnerabilidad de tipo cross-site scripting (XSS) en Sophos Anti-Virus para Windows versiones 6.x anteriores a 6.5.8 y versiones 7.x anteriores a 7.0.1, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de un registro con un archivo que coincide con una firma de virus y tiene un nombre de archivo diseñado que no es manejado apropiadamente mediante la función print en el archivo SavMain.exe. • http://osvdb.org/37527 http://secunia.com/advisories/26714 http://securityreason.com/securityalert/3107 http://www.securityfocus.com/archive/1/478708/100/0/threaded http://www.securityfocus.com/bid/25572 http://www.sophos.com/support/knowledgebase/article/29150.html http://www.vupen.com/english/advisories/2007/3077 https://exchange.xforce.ibmcloud.com/vulnerabilities/36478 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 4%CPEs: 37EXPL: 0CVE-2007-4577
https://notcve.org/view.php?id=CVE-2007-4577
Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed BZip file that results in the creation of multiple Engine temporary files (aka a "BZip bomb"). Sophos Anti-Virus para Unix/Linux anterior a 2.48.0 permite a atacantes remotos provocar una denegación de servicio (bucle infinito) mediante un archivo BZip mal formado que resulta en la creación de múltiples ficheros Engine temporales (también conocida como "bomba BZip"). • http://secunia.com/advisories/26580 http://securityreason.com/securityalert/3073 http://securitytracker.com/id?1018608 http://www.nruns.com/security_advisory_sophos_gzip_infinite_loop_dos.php http://www.securityfocus.com/archive/1/477727/100/0/threaded http://www.securityfocus.com/bid/25428 http://www.sophos.com/support/knowledgebase/article/28407.html http://www.vupen.com/english/advisories/2007/2972 • CWE-399: Resource Management Errors •