Sophos Anti-Virus before 4.02, 4.5.x before 4.5.9, 4.6.x before 4.6.9, and 5.x before 5.1.4 allow remote attackers to hide arbitrary files and data via crafted ARJ archives, which are not properly scanned.
https://exchange.xforce.ibmcloud.com/vulnerabilities/24345
http://www.vupen.com/english/advisories/2006/0347
http://www.sophos.com/support/knowledgebase/article/3803.html
Source: Mitre, NVD
Published: 2005-12-31
Updated: 2026-06-16
Base Score: 5
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N
Severity: Medium
Base Score: 7.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Severity: High
EPSS: 0.03191