CVE-2004-0552

critical

Description

Sophos Small Business Suite 1.00 on Windows does not properly handle files whose names contain reserved MS-DOS device names such as (1) LPT1, (2) COM1, (3) AUX, (4) CON, or (5) PRN, which can allow malicious code to bypass detection when it is installed, copied, or executed.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/17468

http://www.idefense.com/application/poi/display?id=143&type=vulnerabilities

Details

Source: Mitre, NVD

Published: 2004-11-03

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.16369