Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4512

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2007-4512
Last Modified 07 Mar 2011 09:58:41
Published 10 Sep 2007 01:17:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4512

Summary

Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for Windows 6.x before 6.5.8 and 7.x before 7.0.1 allows remote attackers to inject arbitrary web script or HTML via an archive with a file that matches a virus signature and has a crafted filename that is not properly handled by the print function in SavMain.exe.

Vulnerable Systems

Application

  • Sophos Anti-virus 6.5.4 R2

  • Sophos Anti-virus 7.0


References

CONFIRM - http://www.sophos.com/support/knowledgebase/article/29150.html

BID - 25572

XF - sophos-zip-xss(36478)

VUPEN - ADV-2007-3077

BUGTRAQ - 20070906 Sophos Anti-Virus 6.5.4 Vulnerability

SREASON - 3107

SECUNIA - 26714

OSVDB - 37527


Last Updated: 27 May 2016 10:45:53