CVE-2004-0552
First published: Tue Sep 28 2004(Updated: )
Sophos Small Business Suite 1.00 on Windows does not properly handle files whose names contain reserved MS-DOS device names such as (1) LPT1, (2) COM1, (3) AUX, (4) CON, or (5) PRN, which can allow malicious code to bypass detection when it is installed, copied, or executed.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sophos Small Business Suite | <=1.00 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2004-0552?
CVE-2004-0552 has a high severity rating due to potential exploitation by malicious code.
How do I fix CVE-2004-0552?
To fix CVE-2004-0552, upgrade to a later version of Sophos Small Business Suite that addresses this vulnerability.
What versions of Sophos Small Business Suite are affected by CVE-2004-0552?
CVE-2004-0552 affects Sophos Small Business Suite version 1.00 and below.
What kind of vulnerabilities does CVE-2004-0552 expose in Sophos Small Business Suite?
CVE-2004-0552 exposes the system to potential malicious code execution by allowing it to bypass detection through reserved MS-DOS device names.
Is there a workaround for CVE-2004-0552?
A potential workaround for CVE-2004-0552 is to avoid using filenames that include reserved MS-DOS device names.
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/references
- agent/severity
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- vendor/sophos
- canonical/sophos small business suite
- version/sophos small business suite/1.00