Vulnerability Details : CVE-2007-4578
Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UPX packed file, resulting from an "integer cast around". NOTE: as of 20070828, the vendor says this is a DoS and the researcher says this allows code execution, but the researcher is reliable.
Vulnerability category: Execute codeDenial of service
Products affected by CVE-2007-4578
- cpe:2.3:a:sophos:small_business_suite:4.04:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:small_business_suite:4.05:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:4.04:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:4.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:4.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:4.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:4.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:4.05:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:4.5.11:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:4.5.12:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.78d:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.79:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.86:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.90:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:5.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:5.0.9:*:linux:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.82:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.83:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.96.0:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:4.03:*:linux:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:6.5:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.80:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.81:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.91:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.95:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.78:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.84:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.85:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:scanning_engine:2.30.4:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:scanning_engine:2.40.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-4578
8.66%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 95 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-4578
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2007-4578
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-4578
-
http://www.securityfocus.com/archive/1/477720/100/0/threaded
-
http://www.nruns.com/security_advisory_sophos_upx_infinite_loop_dos.php
-
http://www.vupen.com/english/advisories/2007/2972
-
http://securityreason.com/securityalert/3072
-
http://www.securityfocus.com/archive/1/477882/100/0/threaded
-
http://www.securityfocus.com/bid/25428
Patch
-
http://www.sophos.com/support/knowledgebase/article/28407.html
Patch
-
http://www.securityfocus.com/archive/1/477864/100/0/threaded
-
http://securitytracker.com/id?1018608
Jump to