CVE-2005-3382

Severity Score

5.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple interpretation error in Sophos 3.91 with the 2.28.4 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."

*Credits: N/A

CVSS Scores

NISTv2 5.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2005-10-29 CVE Reserved
2005-10-29 CVE Published
2024-02-18 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (5)

URL	Tag	Source
http://marc.info/?l=bugtraq&m=113026417802703&w=2	Mailing List
http://www.securityelf.org/magicbyte.html	X_refsource_misc
http://www.securityelf.org/updmagic.html	X_refsource_misc
http://www.securityfocus.com/bid/15189	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://www.securityelf.org/magicbyteadv.html	2016-10-18

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Sophos Search vendor "Sophos"		Sophos Anti-virus Search vendor "Sophos" for product "Sophos Anti-virus"				3.91_engine_2.28.4 Search vendor "Sophos" for product "Sophos Anti-virus" and version "3.91_engine_2.28.4"		-		Affected