Description
Sophos Anti-Virus 4.33.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47435
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/4723
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/499043/100/0/threaded
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/498995/100/0/threaded
Scores
EPSS
0.0076
EPSS Percentile
73.6%
Details
CWE
CWE-20
Status
published
Products (1)
sophos/anti-virus
4.33.0
Published
Dec 12, 2008
Tracked Since
Feb 18, 2026