Sunday, September 09, 2007

[NT] Sophos Anti-Virus XSS Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

Sophos Anti-Virus XSS Vulnerability
------------------------------------------------------------------------


SUMMARY

A ZIP archive containing a virus signature with a malformed file name will
trigger a cross-site scripting (XSS) vulnerability from within the
Sophos Anti-Virus client.

DETAILS

Vulnerable Systems:
* Sophos Anti-Virus version 6.5.4 R2

Immune Systems:
* Sophos Anti-Virus version 6.5.8 or newer

When Sophos Anti-Virus scans a specially crafted ZIP archive whose file
name contains an XSS attack string, it logs the string internally. When this
log information is viewed through the Sophos client (SavMain.exe), the XSS
attack string is rendered unencoded. When the print function is called, the
application can be used to run arbitrary code on the target machine from an
external attacker's submitted file.
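The flaw described above is an output-encoding failure: an archive member name is untrusted data, yet it travels from the scan log into an HTML view without being escaped. The following is an added illustration, not Sophos code; the in-memory ZIP, its member name and both report renderers are constructed for this example. It shows the vulnerable pattern next to the hardened one.

```python
"""Added example (not Sophos code): an archive member name flows from the
scan log into an HTML report, and the renderer must escape it."""
import html
import io
import zipfile
from typing import List

# Constructed sample: the ZIP format places no restriction on the characters
# in a member name, so this string is entirely attacker-controlled.
MALICIOUS_NAME = 'invoice<script>alert("xss")</script>.doc'


def build_sample_zip(member_name: str) -> bytes:
    """Build an in-memory ZIP whose single member carries the given name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"harmless placeholder content")
    return buf.getvalue()


def scan_log_entries(zip_bytes: bytes) -> List[str]:
    """Mimic the scanner's log: record the raw name of every member examined."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [f"Scanned archive member: {info.filename}" for info in zf.infolist()]


def render_report_unsafe(entries: List[str]) -> str:
    """The pattern in the advisory: log text is inserted into HTML as-is."""
    rows = "".join(f"<li>{e}</li>" for e in entries)
    return f"<html><body><ul>{rows}</ul></body></html>"


def render_report_safe(entries: List[str]) -> str:
    """Hardened form: every untrusted string is HTML-encoded at the output point."""
    rows = "".join(f"<li>{html.escape(e, quote=True)}</li>" for e in entries)
    return f"<html><body><ul>{rows}</ul></body></html>"


def contains_active_markup(report: str) -> bool:
    """Quick regression check: does a raw <script tag survive into the output?"""
    return "<script" in report.lower()


if __name__ == "__main__":
    entries = scan_log_entries(build_sample_zip(MALICIOUS_NAME))
    print("unsafe report keeps live markup:", contains_active_markup(render_report_unsafe(entries)))
    print("safe report keeps live markup:  ", contains_active_markup(render_report_safe(entries)))
```

The same check applies to any other place the log is rendered, such as a print preview, since the advisory notes the print function is where the unencoded string is executed.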

CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4512>
CVE-2007-4512

Disclosure Timeline
18 April 2007 - Initial Discovery and vendor notification
19 April 2007 - Vendor Response
21 August 2007 - Second Vendor Response
6 September 2007 - Coordinated Public Release


ADDITIONAL INFORMATION

The information has been provided by Context Information Security.

