CVE-2007-4578
CVSS 6.8 - MEDIUM
Description
Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UPX packed file, resulting from an "integer cast around". NOTE: as of 20070828, the vendor says this is a DoS and the researcher says this allows code execution, but the researcher is reliable.
Affected Products
| Vendor | Product | Version |
|---|---|---|
| sophos | anti-virus | 3.4.6 |
| sophos | anti-virus | 3.78 |
| sophos | anti-virus | 3.78d |
| sophos | anti-virus | 3.79 |
| sophos | anti-virus | 3.80 |
| sophos | anti-virus | 3.81 |
| sophos | anti-virus | 3.82 |
| sophos | anti-virus | 3.83 |
| sophos | anti-virus | 3.84 |
| sophos | anti-virus | 3.85 |
| sophos | anti-virus | 3.86 |
| sophos | anti-virus | 3.90 |
| sophos | anti-virus | 3.91 |
| sophos | anti-virus | 3.95 |
| sophos | anti-virus | 3.96.0 |
| sophos | anti-virus | 4.03 |
| sophos | anti-virus | 4.04 |
| sophos | anti-virus | 4.05 |
| sophos | anti-virus | 4.5.3 |
| sophos | anti-virus | 4.5.4 |
| sophos | anti-virus | 4.5.11 |
| sophos | anti-virus | 4.5.12 |
| sophos | anti-virus | 4.7.1 |
| sophos | anti-virus | 4.7.2 |
| sophos | anti-virus | 5.0.1 |
| sophos | anti-virus | 5.0.2 |
| sophos | anti-virus | 5.0.4 |
| sophos | anti-virus | 5.0.9 |
| sophos | anti-virus | 5.0.9 |
| sophos | anti-virus | 5.1 |
| sophos | anti-virus | 5.2 |
| sophos | anti-virus | 5.2.1 |
| sophos | anti-virus | 6.5 |
| sophos | scanning_engine | 2.30.4 |
| sophos | scanning_engine | 2.40.2 |
| sophos | small_business_suite | 4.04 |
| sophos | small_business_suite | 4.05 |
Weakness Types
CWE-189
CVE Information
- CVE ID: CVE-2007-4578
- Published: 2007-08-28
- Modified: 2026-04-23
- CVSS Score: 6.8
- Severity: MEDIUM
- Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Affected Vendors
sophos