CVE-2005-4680
First published: Sat Dec 31 2005(Updated: )
Sophos Anti-Virus before 4.02, 4.5.x before 4.5.9, 4.6.x before 4.6.9, and 5.x before 5.1.4 allow remote attackers to hide arbitrary files and data via crafted ARJ archives, which are not properly scanned.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sophos Anti-Virus | <4.02 | |
| Sophos Anti-Virus | >=4.5.0<4.5.9 | |
| Sophos Anti-Virus | >=4.6.0<4.6.9 | |
| Sophos Anti-Virus | >=5.0.0<5.1.4 | |
| Sophos Anti-Virus | =4.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2005-4680?
CVE-2005-4680 is considered to be a moderate severity vulnerability.
How do I fix CVE-2005-4680?
To fix CVE-2005-4680, upgrade Sophos Anti-Virus to version 4.5.9, 4.6.9, or 5.1.4 or later.
What products are affected by CVE-2005-4680?
CVE-2005-4680 affects Sophos Anti-Virus versions prior to 4.02, 4.5.x before 4.5.9, 4.6.x before 4.6.9, and 5.x before 5.1.4.
What type of attack can exploit CVE-2005-4680?
CVE-2005-4680 can be exploited by remote attackers to hide arbitrary files and data through crafted ARJ archives.
Is there a workaround for CVE-2005-4680 if I cannot update?
While no official workaround is provided for CVE-2005-4680, ensuring that ARJ files are not accessed may reduce risk.
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/last-modified-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/sophos
- canonical/sophos anti-virus
- version/sophos anti-virus/4.5.0
- version/sophos anti-virus/4.6.0
- version/sophos anti-virus/5.0.0
- version/sophos anti-virus/4.04