Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0937Etrust Antivirus vulnerability

4 documents4 sources
Severity
7.5HIGHNVD
EPSS
13.2%
top 5.85%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
23
Archive ZIPBroadcom Brightstor Arcserve BackupBroadcom Etrust Antivirus+20 more
Timeline
PublishedFeb 9
Latest updateApr 29

Description

Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages22 packages

NVDsophos/sophos_anti-virus11 versions+10
NVDca/etrust_antivirus7.0_sp2

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-mcvf-wf76-rmjf: Sophos Anti-Virus before 32022-04-29
CVEList
CVE-2004-0937: Sophos Anti-Virus before 32004-11-19

💥Exploits & PoCs

1
Exploit-DB
Multiple AntiVirus - '.zip' Detection Bypass2004-11-14
CVE-2004-0937 — Broadcom Etrust Antivirus vulnerability | cvebase