Sophos Anti-Virus CAB, RAR and LZH Scanning Evasion

Medium Nessus Plugin ID 26002


The remote Windows host has an application that is affected by multiple vulnerabilities.


The version of Sophos Anti-Virus installed on the remote host reportedly contains several problems in the processing of 'CAB', 'RAR' and 'LZH' files, which may allow an attacker to evade anti-virus scanning by sending a specially malformed archive.

In addition, an attacker may be able to exploit an HTML injection vulnerability in the processing of ZIP files.


Update to Sophos Anti-Virus engine version 2.49.0 or later.

Plugin Details

Severity: Medium

ID: 26002

File Name: sophos_2_49_0.nasl

Version: $Revision: 1.14 $

Type: local

Agent: windows

Family: Windows

Published: 2007/09/07

Modified: 2016/12/09

Dependencies: 12215

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:sophos:sophos_anti-virus

Required KB Items: Antivirus/Sophos/installed, Antivirus/Sophos/eng_ver

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2007/09/06

Vulnerability Publication Date: 2007/09/04

Reference Information

CVE: CVE-2007-4512, CVE-2007-4787

BID: 25572, 25574

OSVDB: 37527, 37988

CWE: 20, 79