Description
Sophos Small Business Suite 1.00 on Windows does not properly handle files whose names contain reserved MS-DOS device names such as (1) LPT1, (2) COM1, (3) AUX, (4) CON, or (5) PRN, which can allow malicious code to bypass detection when it is installed, copied, or executed.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Kurt Seifried · text · remote · windows
https://www.exploit-db.com/exploits/24623
References (3)
Core 3
Core References
Various Sources third-party-advisory
x_refsource_idefense
http://www.idefense.com/application/poi/display?id=143&type=vulnerabilities
Exploit, Patch, Vendor Advisory x_refsource_misc
http://www.seifried.org/security/advisories/kssa-005.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17468
Scores
EPSS
0.1637
EPSS Percentile
94.9%
Details
Status
published
Products (1)
sophos/small_business_suite
< 1.00
Published
Nov 03, 2004
Tracked Since
Feb 18, 2026