CVE-2010-2308
https://notcve.org/view.php?id=CVE-2010-2308
Unspecified vulnerability in the filter driver (savonaccessfilter.sys) in Sophos Anti-Virus before 7.6.20 allows local users to gain privileges via crafted arguments to the NtQueryAttributesFile function. Vulnerabilidad no especificada en el controlador de filtrado (savonaccessfilter.sys) en Sophos Anti-Virus anterior a v7.6.20, permite a usuarios locales elevar sus privilegios a través de argumentos manipulados en la función NtQueryAttributesFile. • http://dvlabs.tippingpoint.com/advisory/TPTI-10-03 http://secunia.com/advisories/40085 http://www.securityfocus.com/archive/1/511773/100/0/threaded http://www.securitytracker.com/id?1024089 http://www.sophos.com/support/knowledgebase/article/111126.html http://www.vupen.com/english/advisories/2010/1412 •
CVE-2010-1425
https://notcve.org/view.php?id=CVE-2010-1425
F-Secure Internet Security 2010 and earlier; Anti-Virus for Microsoft Exchange 9 and earlier, and for MIMEsweeper 5.61 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, and for Linux 4.02 and earlier; Anti-Virus 2010 and earlier; Home Server Security 2009; Protection Service for Consumers 9 and earlier, for Business - Workstation security 9 and earlier, for Business - Server Security 8 and earlier, and for E-mail and Server security 9 and earlier; Mac Protection build 8060 and earlier; Client Security 9 and earlier; and various Anti-Virus products for Windows, Linux, and Citrix; does not properly detect malware in crafted (1) 7Z, (2) GZIP, (3) CAB, or (4) RAR archives, which makes it easier for remote attackers to avoid detection. F-Secure Internet Security 2010 y anteriores; Anti-Virus para Microsoft Exchange 9 y anteriores, y para MIMEsweeper v5.61 y anteriores; Internet Gatekeeper para Windows v6.61 y anteriores, y para Linux v4.02 y anteriores; Anti-Virus 2010 y anteriores; Home Server Security 2009; Protection Service para Consumers 9 y anteriores, para Business - Workstation security 9 y anteriores, para Business - Server Security 8 y anteriores, y para E-mail y Server security 9 y anteriores; Mac Protection build 8060 y anteriores; Client Security 9 y anteriores; y varios productos Anti-Virus para Windows, Linux, y Citrix no detectan adecuadamente malware en archivos (1) 7Z, (2) GZIP, (3) CAB, o (4) RAR manipulados, lo que facilita a atacantes evitar la detección. • http://secunia.com/advisories/39396 http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-1.html http://www.securitytracker.com/id?1023841 http://www.securitytracker.com/id?1023842 http://www.securitytracker.com/id?1023843 http://www.vupen.com/english/advisories/2010/0855 •
CVE-2009-3588
https://notcve.org/view.php?id=CVE-2009-3588
Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service via a crafted RAR archive file that triggers stack corruption, a different vulnerability than CVE-2009-3587. Vulnerabilidad inespecífica en el componente arclib en el motor antivirus en CA Anti-Virus para empresas (anteriormente eTrust Antivirus) desde v7.1 hasta r8.1; Anti-Virus desde 2007 (v8) hasta 2009; eTrust EZ Antivirus r7.1; Internet Security Suite desde 2007 (v3) hasta Plus 2009; y otros productos de CA permite a atacantes remotos producir una denegación de servicio a través de un archivo RAR manipulado que inicia la corrupción de la pila, una vulnerabilidad diferente que CVE-2009-3587. • http://secunia.com/advisories/36976 http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878 http://www.securityfocus.com/archive/1/507068/100/0/threaded http://www.securityfocus.com/bid/36653 http://www.securitytracker.com/id?1022999 http://www.vupen.com/english/advisories/2009/2852 https://exchange.xforce.ibmcloud.com/vulnerabilities/53698 •
CVE-2009-3587
https://notcve.org/view.php?id=CVE-2009-3587
Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted RAR archive file that triggers heap corruption, a different vulnerability than CVE-2009-3588. Vulnerabilidad no especificada en el componente arclib en el motor Anti-Virus en CA Anti-Virus para Enterprise (formalmente eTrust Antivirus) v7.1 hasta v8.1; Anti-Virus 2007 (v8) hasta 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) hasta Plus 2009; y otros productos CA permite a atacantes remotos causar una denegación de servicio y ejecutar probablemente código de su elección a través del archivo RAR manipulado que provoca una corrupción de la memoria dinámica, una vulnerabilidad diferente que CVE-2009-3588. • http://osvdb.org/58691 http://secunia.com/advisories/36976 http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878 http://www.securityfocus.com/archive/1/507068/100/0/threaded http://www.securityfocus.com/bid/36653 http://www.securitytracker.com/id?1022999 http://www.vupen.com/english/advisories/2009/2852 https://exchange.xforce.ibmcloud.com/vulnerabilities/53697 •
CVE-2008-6904
https://notcve.org/view.php?id=CVE-2008-6904
Multiple unspecified vulnerabilities in Sophos SAVScan 4.33.0 for Linux, and possibly other products and versions, allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via crafted files that have been packed with (1) armadillo, (2) asprotect, or (3) asprotectSKE. Vulnerabilidad sin especificar en Sophos SAVScan v4.33.0 de Linux, y probablemente otros productos y versiones, permiten a atacantes remotos causar una denegación de servicio (falta de segmentación) y probablemente ejecutar código a su elección a través de archivos manipulados que han sido empaquetados con (1)armadillo, (2) asprotect, o (3) asprotectSKE. • http://marc.info/?l=bugtraq&m=122893252316489&w=2 http://www.ivizsecurity.com/security-advisory-iviz-sr-08015.html http://www.securityfocus.com/bid/32748 http://www.sophos.com/support/knowledgebase/article/50611.html https://exchange.xforce.ibmcloud.com/vulnerabilities/52443 •