Strix
26.1K

CVE-2008-6903

UnknownEPSS 6.61%

Last modified

CVE-2008-6903 is a vulnerability of currently unknown severity. Sophos Anti-Virus for Windows before 7.6.3, Anti-Virus for Windows NT/9x before 4.7.18, Anti-Virus for OS X before 4.9.18, Anti-Virus for Linux before 6.4.5, Anti-Virus for UNIX before 7.0.5, Anti-Virus for Unix and Netware before 4.37.0, Sophos EM Library, and Sophos small business solutions, when CAB archive scanning is enabled, allows remote attackers to cause a denial of service (segmentation fault) via a "fuzzed" CAB archive file, as demonstrated by the OUSPG PROTOS GENOME test suite for Archive Formats.. EPSS estimates a 6.61% chance of exploitation in the next 30 days.

Description

Sophos Anti-Virus for Windows before 7.6.3, Anti-Virus for Windows NT/9x before 4.7.18, Anti-Virus for OS X before 4.9.18, Anti-Virus for Linux before 6.4.5, Anti-Virus for UNIX before 7.0.5, Anti-Virus for Unix and Netware before 4.37.0, Sophos EM Library, and Sophos small business solutions, when CAB archive scanning is enabled, allows remote attackers to cause a denial of service (segmentation fault) via a "fuzzed" CAB archive file, as demonstrated by the OUSPG PROTOS GENOME test suite for Archive Formats.

Metrics

EPSS Probability
6.61%

93.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersionsUpdate
SophosAnti-Virus4.7.18
SophosAnti-Virus4.9.18
SophosAnti-Virus4.37.0
SophosAnti-Virus6.4.5
SophosAnti-Virus7.0.5
SophosAnti-Virus7.6.3All versionsWindows

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2008-6903?
Sophos Anti-Virus for Windows before 7.6.3, Anti-Virus for Windows NT/9x before 4.7.18, Anti-Virus for OS X before 4.9.18, Anti-Virus for Linux before 6.4.5, Anti-Virus for UNIX before 7.0.5, Anti-Virus for Unix and Netware before 4.37.0, Sophos EM Library, and Sophos small business solutions, when CAB archive scanning is enabled, allows remote attackers to cause a denial of service (segmentation fault) via a "fuzzed" CAB archive file, as demonstrated by the OUSPG PROTOS GENOME test suite for Archive Formats.
How severe is CVE-2008-6903?
Severity scoring for CVE-2008-6903 is pending analysis. The EPSS model estimates a 6.61% probability of exploitation in the next 30 days.
How do I fix CVE-2008-6903?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2008-6903?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST