Sophos » Sophos Anti-virus : Security Vulnerabilities, CVEs, (Code Execution)
Multiple buffer overflows in Sophos Anti-Virus scanning engine before 2.40 allow remote attackers to execute arbitrary code via (1) a SIT archive with a long filename that is not null-terminated, which triggers a heap-based overflow in veex.dll due to improper length calculation, and (2) a CPIO archive, with a long filename that is not null-terminated, which triggers a stack-based overflow in veex.dll.
Max CVSS
10.0
EPSS Score
12.91%
Published
2006-12-12
Updated
2018-10-17
Multiple Sophos Anti-Virus products, including Anti-Virus for Windows 5.x before 5.2.1 and 4.x before 4.05, when cabinet file inspection is enabled, allows remote attackers to execute arbitrary code via a CAB file with "invalid folder count values," which leads to heap corruption.
Max CVSS
7.5
EPSS Score
93.55%
Published
2006-05-10
Updated
2018-10-18
Heap-based buffer overflow in the Sophos Antivirus Library, as used by Sophos Antivirus, PureMessage, MailMonitor, and other products, allows remote attackers to execute arbitrary code via a Visio file with a crafted sub record length.
Max CVSS
7.5
EPSS Score
16.63%
Published
2005-09-02
Updated
2017-07-11
3 vulnerabilities found