CVE-2007-4578

Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UPX packed file, resulting from an "integer cast around". NOTE: as of 20070828, the vendor says this is a DoS and the researcher says this allows code execution, but the researcher is reliable.

Link	Resource
http://www.nruns.com/security_advisory_sophos_upx_infinite_loop_dos.php
http://www.sophos.com/support/knowledgebase/article/28407.html	Patch
http://www.securityfocus.com/bid/25428	Patch
http://securitytracker.com/id?1018608
http://secunia.com/advisories/26580	Patch Vendor Advisory
http://securityreason.com/securityalert/3072
http://www.vupen.com/english/advisories/2007/2972
http://www.securityfocus.com/archive/1/477882/100/0/threaded
http://www.securityfocus.com/archive/1/477864/100/0/threaded
http://www.securityfocus.com/archive/1/477720/100/0/threaded

Configuration 1

cpe:2.3:a:sophos:anti-virus:4.04:*:*:*:*:*:*:* cpe:2.3:a:sophos:anti-virus:4.03:*:linux:*:*:*:*:* cpe:2.3:a:sophos:anti-virus:5.2:*:*:*:*:*:*:* cpe:2.3:a:sophos:anti-virus:3.83:*:*:*:*:*:*:* cpe:2.3:a:sophos:anti-virus:3.86:*:*:*:*:*:*:* cpe:2.3:a:sophos:anti-virus:3.4.6:*:*:*:*:*:*:* cpe:2.3:a:sophos:anti-virus:5.0.2:*:*:*:*:*:*:* cpe:2.3:a:sophos:anti-virus:3.80:*:*:*:*:*:*:* cpe:2.3:a:sophos:anti-virus:3.96.0:*:*:*:*:*:*:* cpe:2.3:a:sophos:anti-virus:5.0.9:*:linux:*:*:*:*:* cpe:2.3:a:sophos:anti-virus:4.5.12:*:*:*:*:*:*:* cpe:2.3:a:sophos:anti-virus:3.81:*:*:*:*:*:*:* cpe:2.3:a:sophos:anti-virus:4.5.11:*:*:*:*:*:*:* cpe:2.3:a:sophos:anti-virus:3.79:*:*:*:*:*:*:* cpe:2.3:a:sophos:anti-virus:4.7.1:*:*:*:*:*:*:* cpe:2.3:a:sophos:small_business_suite:4.04:*:*:*:*:*:*:* cpe:2.3:a:sophos:anti-virus:6.5:*:*:*:*:*:*:* cpe:2.3:a:sophos:anti-virus:4.7.2:*:*:*:*:*:*:* cpe:2.3:a:sophos:anti-virus:5.0.4:*:*:*:*:*:*:* cpe:2.3:a:sophos:anti-virus:3.90:*:*:*:*:*:*:* cpe:2.3:a:sophos:anti-virus:5.2.1:*:*:*:*:*:*:* cpe:2.3:a:sophos:anti-virus:3.78:*:*:*:*:*:*:* cpe:2.3:a:sophos:anti-virus:4.05:*:*:*:*:*:*:* cpe:2.3:a:sophos:scanning_engine:2.40.2:*:*:*:*:*:*:* cpe:2.3:a:sophos:anti-virus:4.5.3:*:*:*:*:*:*:* cpe:2.3:a:sophos:anti-virus:3.78d:*:*:*:*:*:*:* cpe:2.3:a:sophos:anti-virus:3.95:*:*:*:*:*:*:* cpe:2.3:a:sophos:scanning_engine:2.30.4:*:*:*:*:*:*:* cpe:2.3:a:sophos:anti-virus:5.0.9:*:*:*:*:*:*:* cpe:2.3:a:sophos:anti-virus:3.82:*:*:*:*:*:*:* cpe:2.3:a:sophos:small_business_suite:4.05:*:*:*:*:*:*:* cpe:2.3:a:sophos:anti-virus:4.5.4:*:*:*:*:*:*:* cpe:2.3:a:sophos:anti-virus:3.84:*:*:*:*:*:*:* cpe:2.3:a:sophos:anti-virus:5.1:*:*:*:*:*:*:* cpe:2.3:a:sophos:anti-virus:5.0.1:*:*:*:*:*:*:* cpe:2.3:a:sophos:anti-virus:3.85:*:*:*:*:*:*:* cpe:2.3:a:sophos:anti-virus:3.91:*:*:*:*:*:*:*

---

Published : 2007-08-28 06:17

Updated : 2018-10-15 09:36

---

NVD link : CVE-2007-4578

Mitre link : CVE-2007-4578

No products.

CWE-189