Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for small_business_suite by sophos

    CVE-2007-4578 (GCVE-0-2007-4578)

    Vulnerability from nvd – Published: 2007-08-28 18:00 – Updated: 2024-08-07 15:01
    VLAI
    Summary
    Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UPX packed file, resulting from an "integer cast around". NOTE: as of 20070828, the vendor says this is a DoS and the researcher says this allows code execution, but the researcher is reliable.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2007/2972 vdb-entryx_refsource_VUPEN
    http://www.nruns.com/security_advisory_sophos_upx… x_refsource_MISC
    http://www.securityfocus.com/bid/25428 vdb-entryx_refsource_BID
    http://secunia.com/advisories/26580 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/477864/100… mailing-listx_refsource_BUGTRAQ
    http://www.sophos.com/support/knowledgebase/artic… x_refsource_CONFIRM
    http://securityreason.com/securityalert/3072 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/archive/1/477882/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/477720/100… mailing-listx_refsource_BUGTRAQ
    http://securitytracker.com/id?1018608 vdb-entryx_refsource_SECTRACK
    Date Public
    2007-08-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:01:09.611Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2007-2972",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/2972"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.nruns.com/security_advisory_sophos_upx_infinite_loop_dos.php"
              },
              {
                "name": "25428",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25428"
              },
              {
                "name": "26580",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26580"
              },
              {
                "name": "20070827 Re: n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/477864/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.sophos.com/support/knowledgebase/article/28407.html"
              },
              {
                "name": "3072",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3072"
              },
              {
                "name": "20070827 RE: n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/477882/100/0/threaded"
              },
              {
                "name": "20070824 n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/477720/100/0/threaded"
              },
              {
                "name": "1018608",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1018608"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-08-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UPX packed file, resulting from an \"integer cast around\".  NOTE: as of 20070828, the vendor says this is a DoS and the researcher says this allows code execution, but the researcher is reliable."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2007-2972",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2972"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.nruns.com/security_advisory_sophos_upx_infinite_loop_dos.php"
            },
            {
              "name": "25428",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25428"
            },
            {
              "name": "26580",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26580"
            },
            {
              "name": "20070827 Re: n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/477864/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.sophos.com/support/knowledgebase/article/28407.html"
            },
            {
              "name": "3072",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3072"
            },
            {
              "name": "20070827 RE: n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/477882/100/0/threaded"
            },
            {
              "name": "20070824 n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/477720/100/0/threaded"
            },
            {
              "name": "1018608",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1018608"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4578",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UPX packed file, resulting from an \"integer cast around\".  NOTE: as of 20070828, the vendor says this is a DoS and the researcher says this allows code execution, but the researcher is reliable."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2007-2972",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/2972"
                },
                {
                  "name": "http://www.nruns.com/security_advisory_sophos_upx_infinite_loop_dos.php",
                  "refsource": "MISC",
                  "url": "http://www.nruns.com/security_advisory_sophos_upx_infinite_loop_dos.php"
                },
                {
                  "name": "25428",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25428"
                },
                {
                  "name": "26580",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26580"
                },
                {
                  "name": "20070827 Re: n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/477864/100/0/threaded"
                },
                {
                  "name": "http://www.sophos.com/support/knowledgebase/article/28407.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.sophos.com/support/knowledgebase/article/28407.html"
                },
                {
                  "name": "3072",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3072"
                },
                {
                  "name": "20070827 RE: n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/477882/100/0/threaded"
                },
                {
                  "name": "20070824 n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/477720/100/0/threaded"
                },
                {
                  "name": "1018608",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1018608"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4578",
        "datePublished": "2007-08-28T18:00:00.000Z",
        "dateReserved": "2007-08-28T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:01:09.611Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4577 (GCVE-0-2007-4577)

    Vulnerability from nvd – Published: 2007-08-28 18:00 – Updated: 2024-08-07 15:01
    VLAI
    Summary
    Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed BZip file that results in the creation of multiple Engine temporary files (aka a "BZip bomb").
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2007/2972 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/25428 vdb-entryx_refsource_BID
    http://secunia.com/advisories/26580 third-party-advisoryx_refsource_SECUNIA
    http://securityreason.com/securityalert/3073 third-party-advisoryx_refsource_SREASON
    http://www.sophos.com/support/knowledgebase/artic… x_refsource_CONFIRM
    http://www.securityfocus.com/archive/1/477727/100… mailing-listx_refsource_BUGTRAQ
    http://www.nruns.com/security_advisory_sophos_gzi… x_refsource_MISC
    http://securitytracker.com/id?1018608 vdb-entryx_refsource_SECTRACK
    Date Public
    2007-08-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:01:09.876Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2007-2972",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/2972"
              },
              {
                "name": "25428",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25428"
              },
              {
                "name": "26580",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26580"
              },
              {
                "name": "3073",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3073"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.sophos.com/support/knowledgebase/article/28407.html"
              },
              {
                "name": "20070824 n.runs-SA-2007.026 - Sophos Antivirus BZip parsing Infinite Loop Advisory",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/477727/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.nruns.com/security_advisory_sophos_gzip_infinite_loop_dos.php"
              },
              {
                "name": "1018608",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1018608"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-08-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed BZip file that results in the creation of multiple Engine temporary files (aka a \"BZip bomb\")."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2007-2972",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2972"
            },
            {
              "name": "25428",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25428"
            },
            {
              "name": "26580",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26580"
            },
            {
              "name": "3073",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3073"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.sophos.com/support/knowledgebase/article/28407.html"
            },
            {
              "name": "20070824 n.runs-SA-2007.026 - Sophos Antivirus BZip parsing Infinite Loop Advisory",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/477727/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.nruns.com/security_advisory_sophos_gzip_infinite_loop_dos.php"
            },
            {
              "name": "1018608",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1018608"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4577",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed BZip file that results in the creation of multiple Engine temporary files (aka a \"BZip bomb\")."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2007-2972",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/2972"
                },
                {
                  "name": "25428",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25428"
                },
                {
                  "name": "26580",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26580"
                },
                {
                  "name": "3073",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3073"
                },
                {
                  "name": "http://www.sophos.com/support/knowledgebase/article/28407.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.sophos.com/support/knowledgebase/article/28407.html"
                },
                {
                  "name": "20070824 n.runs-SA-2007.026 - Sophos Antivirus BZip parsing Infinite Loop Advisory",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/477727/100/0/threaded"
                },
                {
                  "name": "http://www.nruns.com/security_advisory_sophos_gzip_infinite_loop_dos.php",
                  "refsource": "MISC",
                  "url": "http://www.nruns.com/security_advisory_sophos_gzip_infinite_loop_dos.php"
                },
                {
                  "name": "1018608",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1018608"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4577",
        "datePublished": "2007-08-28T18:00:00.000Z",
        "dateReserved": "2007-08-28T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:01:09.876Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0552 (GCVE-0-2004-0552)

    Vulnerability from nvd – Published: 2004-09-28 04:00 – Updated: 2024-08-08 00:24
    VLAI
    Summary
    Sophos Small Business Suite 1.00 on Windows does not properly handle files whose names contain reserved MS-DOS device names such as (1) LPT1, (2) COM1, (3) AUX, (4) CON, or (5) PRN, which can allow malicious code to bypass detection when it is installed, copied, or executed.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2004-09-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:24:25.785Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20040922 Sophos Small Business Suite Reserved Device Name Handling Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://www.idefense.com/application/poi/display?id=143\u0026type=vulnerabilities"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.seifried.org/security/advisories/kssa-005.html"
              },
              {
                "name": "sophos-business-security-bypass(17468)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17468"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-09-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Sophos Small Business Suite 1.00 on Windows does not properly handle files whose names contain reserved MS-DOS device names such as (1) LPT1, (2) COM1, (3) AUX, (4) CON, or (5) PRN, which can allow malicious code to bypass detection when it is installed, copied, or executed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20040922 Sophos Small Business Suite Reserved Device Name Handling Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://www.idefense.com/application/poi/display?id=143\u0026type=vulnerabilities"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.seifried.org/security/advisories/kssa-005.html"
            },
            {
              "name": "sophos-business-security-bypass(17468)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17468"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0552",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Sophos Small Business Suite 1.00 on Windows does not properly handle files whose names contain reserved MS-DOS device names such as (1) LPT1, (2) COM1, (3) AUX, (4) CON, or (5) PRN, which can allow malicious code to bypass detection when it is installed, copied, or executed."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20040922 Sophos Small Business Suite Reserved Device Name Handling Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "http://www.idefense.com/application/poi/display?id=143\u0026type=vulnerabilities"
                },
                {
                  "name": "http://www.seifried.org/security/advisories/kssa-005.html",
                  "refsource": "MISC",
                  "url": "http://www.seifried.org/security/advisories/kssa-005.html"
                },
                {
                  "name": "sophos-business-security-bypass(17468)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17468"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0552",
        "datePublished": "2004-09-28T04:00:00.000Z",
        "dateReserved": "2004-06-11T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:24:25.785Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4578 (GCVE-0-2007-4578)

    Vulnerability from cvelistv5 – Published: 2007-08-28 18:00 – Updated: 2024-08-07 15:01
    VLAI
    Summary
    Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UPX packed file, resulting from an "integer cast around". NOTE: as of 20070828, the vendor says this is a DoS and the researcher says this allows code execution, but the researcher is reliable.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2007/2972 vdb-entryx_refsource_VUPEN
    http://www.nruns.com/security_advisory_sophos_upx… x_refsource_MISC
    http://www.securityfocus.com/bid/25428 vdb-entryx_refsource_BID
    http://secunia.com/advisories/26580 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/477864/100… mailing-listx_refsource_BUGTRAQ
    http://www.sophos.com/support/knowledgebase/artic… x_refsource_CONFIRM
    http://securityreason.com/securityalert/3072 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/archive/1/477882/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/477720/100… mailing-listx_refsource_BUGTRAQ
    http://securitytracker.com/id?1018608 vdb-entryx_refsource_SECTRACK
    Date Public
    2007-08-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:01:09.611Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2007-2972",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/2972"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.nruns.com/security_advisory_sophos_upx_infinite_loop_dos.php"
              },
              {
                "name": "25428",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25428"
              },
              {
                "name": "26580",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26580"
              },
              {
                "name": "20070827 Re: n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/477864/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.sophos.com/support/knowledgebase/article/28407.html"
              },
              {
                "name": "3072",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3072"
              },
              {
                "name": "20070827 RE: n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/477882/100/0/threaded"
              },
              {
                "name": "20070824 n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/477720/100/0/threaded"
              },
              {
                "name": "1018608",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1018608"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-08-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UPX packed file, resulting from an \"integer cast around\".  NOTE: as of 20070828, the vendor says this is a DoS and the researcher says this allows code execution, but the researcher is reliable."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2007-2972",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2972"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.nruns.com/security_advisory_sophos_upx_infinite_loop_dos.php"
            },
            {
              "name": "25428",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25428"
            },
            {
              "name": "26580",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26580"
            },
            {
              "name": "20070827 Re: n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/477864/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.sophos.com/support/knowledgebase/article/28407.html"
            },
            {
              "name": "3072",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3072"
            },
            {
              "name": "20070827 RE: n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/477882/100/0/threaded"
            },
            {
              "name": "20070824 n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/477720/100/0/threaded"
            },
            {
              "name": "1018608",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1018608"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4578",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UPX packed file, resulting from an \"integer cast around\".  NOTE: as of 20070828, the vendor says this is a DoS and the researcher says this allows code execution, but the researcher is reliable."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2007-2972",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/2972"
                },
                {
                  "name": "http://www.nruns.com/security_advisory_sophos_upx_infinite_loop_dos.php",
                  "refsource": "MISC",
                  "url": "http://www.nruns.com/security_advisory_sophos_upx_infinite_loop_dos.php"
                },
                {
                  "name": "25428",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25428"
                },
                {
                  "name": "26580",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26580"
                },
                {
                  "name": "20070827 Re: n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/477864/100/0/threaded"
                },
                {
                  "name": "http://www.sophos.com/support/knowledgebase/article/28407.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.sophos.com/support/knowledgebase/article/28407.html"
                },
                {
                  "name": "3072",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3072"
                },
                {
                  "name": "20070827 RE: n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/477882/100/0/threaded"
                },
                {
                  "name": "20070824 n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/477720/100/0/threaded"
                },
                {
                  "name": "1018608",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1018608"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4578",
        "datePublished": "2007-08-28T18:00:00.000Z",
        "dateReserved": "2007-08-28T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:01:09.611Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4577 (GCVE-0-2007-4577)

    Vulnerability from cvelistv5 – Published: 2007-08-28 18:00 – Updated: 2024-08-07 15:01
    VLAI
    Summary
    Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed BZip file that results in the creation of multiple Engine temporary files (aka a "BZip bomb").
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2007/2972 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/25428 vdb-entryx_refsource_BID
    http://secunia.com/advisories/26580 third-party-advisoryx_refsource_SECUNIA
    http://securityreason.com/securityalert/3073 third-party-advisoryx_refsource_SREASON
    http://www.sophos.com/support/knowledgebase/artic… x_refsource_CONFIRM
    http://www.securityfocus.com/archive/1/477727/100… mailing-listx_refsource_BUGTRAQ
    http://www.nruns.com/security_advisory_sophos_gzi… x_refsource_MISC
    http://securitytracker.com/id?1018608 vdb-entryx_refsource_SECTRACK
    Date Public
    2007-08-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:01:09.876Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2007-2972",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/2972"
              },
              {
                "name": "25428",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25428"
              },
              {
                "name": "26580",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26580"
              },
              {
                "name": "3073",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3073"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.sophos.com/support/knowledgebase/article/28407.html"
              },
              {
                "name": "20070824 n.runs-SA-2007.026 - Sophos Antivirus BZip parsing Infinite Loop Advisory",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/477727/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.nruns.com/security_advisory_sophos_gzip_infinite_loop_dos.php"
              },
              {
                "name": "1018608",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1018608"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-08-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed BZip file that results in the creation of multiple Engine temporary files (aka a \"BZip bomb\")."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2007-2972",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2972"
            },
            {
              "name": "25428",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25428"
            },
            {
              "name": "26580",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26580"
            },
            {
              "name": "3073",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3073"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.sophos.com/support/knowledgebase/article/28407.html"
            },
            {
              "name": "20070824 n.runs-SA-2007.026 - Sophos Antivirus BZip parsing Infinite Loop Advisory",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/477727/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.nruns.com/security_advisory_sophos_gzip_infinite_loop_dos.php"
            },
            {
              "name": "1018608",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1018608"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4577",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed BZip file that results in the creation of multiple Engine temporary files (aka a \"BZip bomb\")."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2007-2972",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/2972"
                },
                {
                  "name": "25428",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25428"
                },
                {
                  "name": "26580",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26580"
                },
                {
                  "name": "3073",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3073"
                },
                {
                  "name": "http://www.sophos.com/support/knowledgebase/article/28407.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.sophos.com/support/knowledgebase/article/28407.html"
                },
                {
                  "name": "20070824 n.runs-SA-2007.026 - Sophos Antivirus BZip parsing Infinite Loop Advisory",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/477727/100/0/threaded"
                },
                {
                  "name": "http://www.nruns.com/security_advisory_sophos_gzip_infinite_loop_dos.php",
                  "refsource": "MISC",
                  "url": "http://www.nruns.com/security_advisory_sophos_gzip_infinite_loop_dos.php"
                },
                {
                  "name": "1018608",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1018608"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4577",
        "datePublished": "2007-08-28T18:00:00.000Z",
        "dateReserved": "2007-08-28T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:01:09.876Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0552 (GCVE-0-2004-0552)

    Vulnerability from cvelistv5 – Published: 2004-09-28 04:00 – Updated: 2024-08-08 00:24
    VLAI
    Summary
    Sophos Small Business Suite 1.00 on Windows does not properly handle files whose names contain reserved MS-DOS device names such as (1) LPT1, (2) COM1, (3) AUX, (4) CON, or (5) PRN, which can allow malicious code to bypass detection when it is installed, copied, or executed.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2004-09-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:24:25.785Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20040922 Sophos Small Business Suite Reserved Device Name Handling Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://www.idefense.com/application/poi/display?id=143\u0026type=vulnerabilities"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.seifried.org/security/advisories/kssa-005.html"
              },
              {
                "name": "sophos-business-security-bypass(17468)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17468"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-09-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Sophos Small Business Suite 1.00 on Windows does not properly handle files whose names contain reserved MS-DOS device names such as (1) LPT1, (2) COM1, (3) AUX, (4) CON, or (5) PRN, which can allow malicious code to bypass detection when it is installed, copied, or executed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20040922 Sophos Small Business Suite Reserved Device Name Handling Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://www.idefense.com/application/poi/display?id=143\u0026type=vulnerabilities"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.seifried.org/security/advisories/kssa-005.html"
            },
            {
              "name": "sophos-business-security-bypass(17468)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17468"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0552",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Sophos Small Business Suite 1.00 on Windows does not properly handle files whose names contain reserved MS-DOS device names such as (1) LPT1, (2) COM1, (3) AUX, (4) CON, or (5) PRN, which can allow malicious code to bypass detection when it is installed, copied, or executed."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20040922 Sophos Small Business Suite Reserved Device Name Handling Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "http://www.idefense.com/application/poi/display?id=143\u0026type=vulnerabilities"
                },
                {
                  "name": "http://www.seifried.org/security/advisories/kssa-005.html",
                  "refsource": "MISC",
                  "url": "http://www.seifried.org/security/advisories/kssa-005.html"
                },
                {
                  "name": "sophos-business-security-bypass(17468)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17468"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0552",
        "datePublished": "2004-09-28T04:00:00.000Z",
        "dateReserved": "2004-06-11T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:24:25.785Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }