CVSS: 4.3EPSS: 1%CPEs: 7EXPL: 0CVE-2008-6903
https://notcve.org/view.php?id=CVE-2008-6903
Sophos Anti-Virus for Windows before 7.6.3, Anti-Virus for Windows NT/9x before 4.7.18, Anti-Virus for OS X before 4.9.18, Anti-Virus for Linux before 6.4.5, Anti-Virus for UNIX before 7.0.5, Anti-Virus for Unix and Netware before 4.37.0, Sophos EM Library, and Sophos small business solutions, when CAB archive scanning is enabled, allows remote attackers to cause a denial of service (segmentation fault) via a "fuzzed" CAB archive file, as demonstrated by the OUSPG PROTOS GENOME test suite for Archive Formats. Sophos Anti-Virus para Windows anteriores a v7.6.3, Anti-Virus para Windows NT/9x anteriores a v.4.7.18, Anti-Virus para OS X anteriores a v.4.9.18, Anti-Virus para Linux anteriores a v.6.4.5, Anti-Virus para UNIX anteriores a v7.0.5, Anti-Virus para Unix y Netware anteriores a v.4.37.0, Sophos EM Library, y Sophos small business solutions, cuando el archivo escaneado CAB está activo, permite a atacantes remotos causar una denegación de servicio (falta de segmentación) a través del fichero "fuzzed" CAB, como se ha demostrado mediante la suite para el testeo de formatos de archivo PROTOS GENOME. • http://marc.info/?l=bugtraq&m=122893252316489&w=2 http://osvdb.org/50863 http://secunia.com/advisories/33177 http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html http://www.ivizsecurity.com/security-advisory-iviz-sr-08015.html http://www.securityfocus.com/bid/32748 http://www.securitytracker.com/id?1021476 http://www.sophos.com/support/knowledgebase/article/50611.html http://www.vupen.com/english/advisories/2008/3458 • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 1%CPEs: 19EXPL: 0CVE-2009-1782
https://notcve.org/view.php?id=CVE-2009-1782
Multiple F-Secure anti-virus products, including Anti-Virus for Microsoft Exchange 7.10 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, Windows 6.61 and earlier, and Linux 2.16 and earlier; Internet Security 2009 and earlier, Anti-Virus 2009 and earlier, Client Security 8.0 and earlier, and others; allow remote attackers to bypass malware detection via a crafted (1) ZIP and (2) RAR archive. Múltiples productos antivirus F-Secure, incluidos: Anti-Virus for Microsoft Exchange v7.10 y anteriores; Internet Gatekeeper for Windows v6.61 y anteriores, Windows v6.61 y anteriores, y Linux v2.16 y anteriores; Internet Security 2009 y anteriores, Anti-Virus 2009 y anteriores, Client Security v8.0 y anteriores y otros; permiten a atacantes remotos saltar la detección de software malicioso mediante archivos (1) .ZIP y (2) .RAR manipulados. • http://secunia.com/advisories/35008 http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2009-1.html http://www.securityfocus.com/bid/34849 http://www.securitytracker.com/id?1022170 http://www.securitytracker.com/id?1022171 http://www.securitytracker.com/id?1022172 http://www.vupen.com/english/advisories/2009/1262 https://exchange.xforce.ibmcloud.com/vulnerabilities/50346 •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2008-5526
https://notcve.org/view.php?id=CVE-2008-5526
DrWeb Anti-virus 4.44.0.09170, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. DrWeb Anti-virus v4.44.0.09170, cuando se utiliza Internet Explorer 6 o 7, permite a atacantes remotos eludir la detección de malware en un documento HTML colocando una cabecera MZ (alias "EXE info") al principio, y modificar el nombre del archivo a (1 ) sin extensión, (2) una extensión. txt, o (3) una extensión .jpg, como lo demuestra un documento que contiene un exploit CVE-2006-5745. • http://securityreason.com/securityalert/4723 http://www.securityfocus.com/archive/1/498995/100/0/threaded http://www.securityfocus.com/archive/1/499043/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/47435 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2008-5541
https://notcve.org/view.php?id=CVE-2008-5541
Sophos Anti-Virus 4.33.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. Sophos Anti-Virus v4.33.0, cuando se utiliza Internet Explorer 6 o 7, permite a atacantes remotos eludir la detección de malware en un documento HTML colocando una cabecera MZ (alias "EXE info") al principio, y modificar el nombre del archivo a (1 ) sin extensión, (2) una extensión. txt, o (3) una extensión .jpg, como lo demuestra un documento que contiene un exploit CVE-2006-5745. • http://securityreason.com/securityalert/4723 http://www.securityfocus.com/archive/1/498995/100/0/threaded http://www.securityfocus.com/archive/1/499043/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/47435 • CWE-20: Improper Input Validation •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2008-1737
https://notcve.org/view.php?id=CVE-2008-1737
Sophos Anti-Virus 7.0.5, and other 7.x versions, when Runtime Behavioural Analysis is enabled, allows local users to cause a denial of service (reboot with the product disabled) and possibly gain privileges via a zero value in a certain length field in the ObjectAttributes argument to the NtCreateKey hooked System Service Descriptor Table (SSDT) function. Sophos Anti-Virus 7.0.5 y otras versiones 7.x, cuando está habilitado Runtime Behavioural Analysis, permite a usuarios locales provocar una denegación de servicio (reinicio con el producto deshabilitado) y posiblemente obtener privilegios mediante un valor zero en cierto campo length en el argumento ObjectAttributes a la función NtCreateKey hooked System Service Descriptor Table (SSDT). • http://secunia.com/advisories/29996 http://securityreason.com/securityalert/3838 http://securitytracker.com/id?1019945 http://www.coresecurity.com/?action=item&id=2249 http://www.securityfocus.com/archive/1/491405/100/0/threaded http://www.securityfocus.com/bid/28743 http://www.sophos.com/support/knowledgebase/article/37810.html http://www.vupen.com/english/advisories/2008/1381 https://exchange.xforce.ibmcloud.com/vulnerabilities/42083 • CWE-20: Improper Input Validation •