Unrated severityNVD Advisory· Published Aug 28, 2007· Updated Apr 23, 2026
CVE-2007-4578
CVE-2007-4578
Description
Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UPX packed file, resulting from an "integer cast around". NOTE: as of 20070828, the vendor says this is a DoS and the researcher says this allows code execution, but the researcher is reliable.
Affected products
37cpe:2.3:a:sophos:anti-virus:3.4.6:*:*:*:*:*:*:*+ 32 more
- cpe:2.3:a:sophos:anti-virus:3.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.78:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.78d:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.79:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.80:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.81:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.82:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.83:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.84:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.85:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.86:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.90:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.91:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.95:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.96.0:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:4.03:*:linux:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:4.04:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:4.05:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:4.5.11:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:4.5.12:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:4.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:4.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:4.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:4.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:5.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:5.0.9:*:linux:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:6.5:*:*:*:*:*:*:*
cpe:2.3:a:sophos:scanning_engine:2.30.4:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:sophos:scanning_engine:2.30.4:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:scanning_engine:2.40.2:*:*:*:*:*:*:*
cpe:2.3:a:sophos:small_business_suite:4.04:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:sophos:small_business_suite:4.04:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:small_business_suite:4.05:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- secunia.com/advisories/26580nvdPatchVendor Advisory
- www.securityfocus.com/bid/25428nvdPatch
- www.sophos.com/support/knowledgebase/article/28407.htmlnvdPatch
- securityreason.com/securityalert/3072nvd
- securitytracker.com/idnvd
- www.nruns.com/security_advisory_sophos_upx_infinite_loop_dos.phpnvd
- www.securityfocus.com/archive/1/477720/100/0/threadednvd
- www.securityfocus.com/archive/1/477864/100/0/threadednvd
- www.securityfocus.com/archive/1/477882/100/0/threadednvd
- www.vupen.com/english/advisories/2007/2972nvd
News mentions
0No linked articles in our index yet.