header-logo
Suggest Exploit
vendor:
Anti-Virus
by:
SecurityFocus
7.5
CVSS
HIGH
Reserved MS-DOS Name Virus Scan Evasion
N/A
CWE
Product Name: Anti-Virus
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2004

Reserved MS-DOS Name Virus Scan Evasion

Sophos Anti-Virus is affected by a reserved MS-DOS name virus scan evasion vulnerability. This issue is due to a design error that allows certain files to avoid being scanned. An attacker may leverage this issue to bypass the scanner protection provided by the vulnerable anti-virus scanner, giving users a false sense of security. It is reported that this issue can be leveraged to bypass both file system and email virus scanners, allowing this issue to be exploited remotely.

Mitigation:

Upgrade to the latest version of Sophos Anti-Virus.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11236/info

Sophos Anti-Virus is affected by a reserved MS-DOS name virus scan evasion vulnerability. This issue is due to a design error that allows certain files to avoid being scanned.

An attacker may leverage this issue to bypass the scanner protection provided by the vulnerable anti-virus scanner, giving users a false sense of security. It is reported that this issue can be leveraged to bypass both file system and email virus scanners, allowing this issue to be exploited remotely.

copy source \\.\C:\aux

Navigation

Suggest Exploit

Services By CQR