CVE-2004-0552 - OpenCVE

Sophos Small Business Suite 1.00 on Windows does not properly handle files whose names contain reserved MS-DOS device names such as (1) LPT1, (2) COM1, (3) AUX, (4) CON, or (5) PRN, which can allow malicious code to bypass detection when it is installed, copied, or executed.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Sophos	Small Business Suite

Configuration 1 [-]

cpe:2.3:a:sophos:small_business_suite:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.idefense.com/application/poi/display?id=143&type=vulnerabilities
http://www.seifried.org/security/advisories/kssa-005.html	Exploit Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17468

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2004-09-28T04:00:00

Updated: 2017-07-10T14:57:01

Reserved: 2004-06-11T00:00:00

Link: CVE-2004-0552

JSON object: View

NVD Information

Status : Modified

Published: 2004-11-03T05:00:00.000

Modified: 2017-07-11T01:30:15.387

Link: CVE-2004-0552

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-09-22T00:00:00", "descriptions": [{"lang": "en", "value": "Sophos Small Business Suite 1.00 on Windows does not properly handle files whose names contain reserved MS-DOS device names such as (1) LPT1, (2) COM1, (3) AUX, (4) CON, or (5) PRN, which can allow malicious code to bypass detection when it is installed, copied, or executed."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20040922 Sophos Small Business Suite Reserved Device Name Handling Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://www.idefense.com/application/poi/display?id=143&type=vulnerabilities"}, {"tags": ["x_refsource_MISC"], "url": "http://www.seifried.org/security/advisories/kssa-005.html"}, {"name": "sophos-business-security-bypass(17468)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17468"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0552", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Sophos Small Business Suite 1.00 on Windows does not properly handle files whose names contain reserved MS-DOS device names such as (1) LPT1, (2) COM1, (3) AUX, (4) CON, or (5) PRN, which can allow malicious code to bypass detection when it is installed, copied, or executed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20040922 Sophos Small Business Suite Reserved Device Name Handling Vulnerability", "refsource": "IDEFENSE", "url": "http://www.idefense.com/application/poi/display?id=143&type=vulnerabilities"}, {"name": "http://www.seifried.org/security/advisories/kssa-005.html", "refsource": "MISC", "url": "http://www.seifried.org/security/advisories/kssa-005.html"}, {"name": "sophos-business-security-bypass(17468)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17468"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0552", "datePublished": "2004-09-28T04:00:00", "dateReserved": "2004-06-11T00:00:00", "dateUpdated": "2017-07-10T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}