Sophos Anti-Virus For Windows CAB File Scan Evasion

Medium Nessus Plugin ID 39448


The remote host is running antivirus software with a file scan evasion vulnerability.


According to its engine number, the version of Sophos Anti-Virus running on the remote Windows host has a scan evasion vulnerability.
Specially crafted CAB files can exploit this to bypass antivirus scanning.


Upgrade to Sophos Anti-Virus engine version 2.87.1 or later.

Plugin Details

Severity: Medium

ID: 39448

File Name: sophos_2_87_1.nasl

Version: $Revision: 1.10 $

Type: local

Agent: windows

Family: Windows

Published: 2009/06/18

Modified: 2013/04/16

Dependencies: 12215

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:sophos:sophos_anti-virus

Required KB Items: Antivirus/Sophos/installed, Antivirus/Sophos/eng_ver

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2009/06/16

Reference Information

BID: 35402

OSVDB: 55107

Secunia: 35467