Vulnerability CVE-2004-0552
Published: 2004-11-03   Modified: 2012-02-12

Description:
Sophos Small Business Suite 1.00 on Windows does not properly handle files whose names contain reserved MS-DOS device names such as (1) LPT1, (2) COM1, (3) AUX, (4) CON, or (5) PRN, which can allow malicious code to bypass detection when it is installed, copied, or executed.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Sophos -> Small business suite 

 References:
http://xforce.iss.net/xforce/xfdb/17468
http://www.seifried.org/security/advisories/kssa-005.html
http://www.idefense.com/application/poi/display?id=143&type=vulnerabilities
Copyright 2024, cxsecurity.com

 

Back to Top