CVE-2008-1737

Severity
6.9 MEDIUM
EPSS
0.1%
top 82.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Apr 30
Latest update: May 1

Description

Sophos Anti-Virus 7.0.5, and other 7.x versions, when Runtime Behavioural Analysis is enabled, allows local users to cause a denial of service (reboot with the product disabled) and possibly gain privileges via a zero value in a certain length field in the ObjectAttributes argument to the NtCreateKey hooked System Service Descriptor Table (SSDT) function.

CVSS vector

AV:L/AC:M/C:C/I:C/A:C

Exploitability: 3.4 | Impact: 10.0

Affected Packages: 1 package

Vulnerability Details (2)
GHSA
GHSA-4975-r5xj-5w3j: Sophos Anti-Virus 7 (2022-05-01)
CVEList
CVE-2008-1737: Sophos Anti-Virus 7 (2008-04-29)