CVSS: 5.0EPSS: 0%CPEs: 168EXPL: 0CVE-2010-1425
https://notcve.org/view.php?id=CVE-2010-1425
F-Secure Internet Security 2010 and earlier; Anti-Virus for Microsoft Exchange 9 and earlier, and for MIMEsweeper 5.61 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, and for Linux 4.02 and earlier; Anti-Virus 2010 and earlier; Home Server Security 2009; Protection Service for Consumers 9 and earlier, for Business - Workstation security 9 and earlier, for Business - Server Security 8 and earlier, and for E-mail and Server security 9 and earlier; Mac Protection build 8060 and earlier; Client Security 9 and earlier; and various Anti-Virus products for Windows, Linux, and Citrix; does not properly detect malware in crafted (1) 7Z, (2) GZIP, (3) CAB, or (4) RAR archives, which makes it easier for remote attackers to avoid detection. F-Secure Internet Security 2010 y anteriores; Anti-Virus para Microsoft Exchange 9 y anteriores, y para MIMEsweeper v5.61 y anteriores; Internet Gatekeeper para Windows v6.61 y anteriores, y para Linux v4.02 y anteriores; Anti-Virus 2010 y anteriores; Home Server Security 2009; Protection Service para Consumers 9 y anteriores, para Business - Workstation security 9 y anteriores, para Business - Server Security 8 y anteriores, y para E-mail y Server security 9 y anteriores; Mac Protection build 8060 y anteriores; Client Security 9 y anteriores; y varios productos Anti-Virus para Windows, Linux, y Citrix no detectan adecuadamente malware en archivos (1) 7Z, (2) GZIP, (3) CAB, o (4) RAR manipulados, lo que facilita a atacantes evitar la detección. • http://secunia.com/advisories/39396 http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-1.html http://www.securitytracker.com/id?1023841 http://www.securitytracker.com/id?1023842 http://www.securitytracker.com/id?1023843 http://www.vupen.com/english/advisories/2010/0855 •
CVSS: 6.8EPSS: 1%CPEs: 19EXPL: 0CVE-2009-1782
https://notcve.org/view.php?id=CVE-2009-1782
Multiple F-Secure anti-virus products, including Anti-Virus for Microsoft Exchange 7.10 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, Windows 6.61 and earlier, and Linux 2.16 and earlier; Internet Security 2009 and earlier, Anti-Virus 2009 and earlier, Client Security 8.0 and earlier, and others; allow remote attackers to bypass malware detection via a crafted (1) ZIP and (2) RAR archive. Múltiples productos antivirus F-Secure, incluidos: Anti-Virus for Microsoft Exchange v7.10 y anteriores; Internet Gatekeeper for Windows v6.61 y anteriores, Windows v6.61 y anteriores, y Linux v2.16 y anteriores; Internet Security 2009 y anteriores, Anti-Virus 2009 y anteriores, Client Security v8.0 y anteriores y otros; permiten a atacantes remotos saltar la detección de software malicioso mediante archivos (1) .ZIP y (2) .RAR manipulados. • http://secunia.com/advisories/35008 http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2009-1.html http://www.securityfocus.com/bid/34849 http://www.securitytracker.com/id?1022170 http://www.securitytracker.com/id?1022171 http://www.securitytracker.com/id?1022172 http://www.vupen.com/english/advisories/2009/1262 https://exchange.xforce.ibmcloud.com/vulnerabilities/50346 •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2007-4512
https://notcve.org/view.php?id=CVE-2007-4512
Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for Windows 6.x before 6.5.8 and 7.x before 7.0.1 allows remote attackers to inject arbitrary web script or HTML via an archive with a file that matches a virus signature and has a crafted filename that is not properly handled by the print function in SavMain.exe. Una vulnerabilidad de tipo cross-site scripting (XSS) en Sophos Anti-Virus para Windows versiones 6.x anteriores a 6.5.8 y versiones 7.x anteriores a 7.0.1, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de un registro con un archivo que coincide con una firma de virus y tiene un nombre de archivo diseñado que no es manejado apropiadamente mediante la función print en el archivo SavMain.exe. • http://osvdb.org/37527 http://secunia.com/advisories/26714 http://securityreason.com/securityalert/3107 http://www.securityfocus.com/archive/1/478708/100/0/threaded http://www.securityfocus.com/bid/25572 http://www.sophos.com/support/knowledgebase/article/29150.html http://www.vupen.com/english/advisories/2007/3077 https://exchange.xforce.ibmcloud.com/vulnerabilities/36478 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 4%CPEs: 37EXPL: 0CVE-2007-4577
https://notcve.org/view.php?id=CVE-2007-4577
Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed BZip file that results in the creation of multiple Engine temporary files (aka a "BZip bomb"). Sophos Anti-Virus para Unix/Linux anterior a 2.48.0 permite a atacantes remotos provocar una denegación de servicio (bucle infinito) mediante un archivo BZip mal formado que resulta en la creación de múltiples ficheros Engine temporales (también conocida como "bomba BZip"). • http://secunia.com/advisories/26580 http://securityreason.com/securityalert/3073 http://securitytracker.com/id?1018608 http://www.nruns.com/security_advisory_sophos_gzip_infinite_loop_dos.php http://www.securityfocus.com/archive/1/477727/100/0/threaded http://www.securityfocus.com/bid/25428 http://www.sophos.com/support/knowledgebase/article/28407.html http://www.vupen.com/english/advisories/2007/2972 • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 10%CPEs: 37EXPL: 0CVE-2007-4578
https://notcve.org/view.php?id=CVE-2007-4578
Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UPX packed file, resulting from an "integer cast around". NOTE: as of 20070828, the vendor says this is a DoS and the researcher says this allows code execution, but the researcher is reliable. Sophos Anti-Virus para Windows y para Unix/Linux anterior a 2.48.0 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección mediante un archivo empaquetado con UPX manipulado, resultado de una "conversión de vuelta de entero" (integer cast around). NOTA: a fecha de 28/08/2007, el fabricante dice que esto es una denegación de servicio y el investigador dice que permite ejecución de código, pero el investigador es fiable. • http://secunia.com/advisories/26580 http://securityreason.com/securityalert/3072 http://securitytracker.com/id?1018608 http://www.nruns.com/security_advisory_sophos_upx_infinite_loop_dos.php http://www.securityfocus.com/archive/1/477720/100/0/threaded http://www.securityfocus.com/archive/1/477864/100/0/threaded http://www.securityfocus.com/archive/1/477882/100/0/threaded http://www.securityfocus.com/bid/25428 http://www.sophos.com/support/knowledgebase/article/28407.html http:/& • CWE-189: Numeric Errors •