CVE-2008-6904 | Vulnerability Database | Aqua Security

Multiple unspecified vulnerabilities in Sophos SAVScan 4.33.0 for Linux, and possibly other products and versions, allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via crafted files that have been packed with (1) armadillo, (2) asprotect, or (3) asprotectSKE.

Affected Software

Name	Vendor	Start Version	End Version
Anti-virus	Sophos	4.7.18 (including)	4.7.18 (including)
Anti-virus	Sophos	4.9.18 (including)	4.9.18 (including)
Anti-virus	Sophos	4.37.0 (including)	4.37.0 (including)
Anti-virus	Sophos	6.4.5 (including)	6.4.5 (including)
Anti-virus	Sophos	7.0.5 (including)	7.0.5 (including)
Anti-virus7.6.3	Sophos	*	*

References

http://marc.info/?l=bugtraq\u0026m=122893252316489\u0026w=2
http://www.ivizsecurity.com/security-advisory-iviz-sr-08015.html
http://www.securityfocus.com/bid/32748
http://www.sophos.com/support/knowledgebase/article/50611.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/52443
http://marc.info/?l=bugtraq\u0026m=122893252316489\u0026w=2
http://www.ivizsecurity.com/security-advisory-iviz-sr-08015.html
http://www.securityfocus.com/bid/32748
http://www.sophos.com/support/knowledgebase/article/50611.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/52443

NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-6904
CWE	https://cwe.mitre.org/data/definitions/.html