CVE-2006-0994

4 documents4 sources
Severity
7.5HIGH
EPSS
42.7%
top 2.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Sophos Sophos Anti-virus
Timeline
PublishedMay 10
Latest updateMay 1

Description

Multiple Sophos Anti-Virus products, including Anti-Virus for Windows 5.x before 5.2.1 and 4.x before 4.05, when cabinet file inspection is enabled, allows remote attackers to execute arbitrary code via a CAB file with "invalid folder count values," which leads to heap corruption.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDsophos/sophos_anti-virus5.0.05.2.1+1

🔴Vulnerability Details

2
GHSA
GHSA-hgv8-r364-cmqx: Multiple Sophos Anti-Virus products, including Anti-Virus for Windows 52022-05-01
CVEList
CVE-2006-0994: Multiple Sophos Anti-Virus products, including Anti-Virus for Windows 52006-05-10
CVE-2006-0994 (HIGH CVSS 7.5) | Multiple Sophos Anti-Virus products | cvebase.io