Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0552

4 documents, 4 sources
Severity: 7.5 HIGH
EPSS: 16.4% (top 5.14%)
CISA KEV: Not in KEV
Exploit: PoC available
Affected products
Timeline
Published: Nov 3
Latest update: Apr 29

Description

Sophos Small Business Suite 1.00 on Windows does not properly handle files whose names contain reserved MS-DOS device names such as (1) LPT1, (2) COM1, (3) AUX, (4) CON, or (5) PRN, which can allow malicious code to bypass detection when it is installed, copied, or executed.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (1 package)

Patches

🔴Vulnerability Details

2
GHSA
GHSA-7wv3-c4wx-9xjq: Sophos Small Business Suite 1 (2022-04-29)
CVEList
CVE-2004-0552: Sophos Small Business Suite 1 (2004-09-28)

💥Exploits & PoCs

1
Exploit-DB
Sophos Anti-Virus 3.x - Reserved MS-DOS Name Scan Evasion (2004-09-22)
CVE-2004-0552 (HIGH CVSS 7.5) | Sophos Small Business Suite 1.00 on | cvebase.io