Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple interpretation error in Sophos 3.91 with the 2.28.4 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Sophos魔法字节缺陷病毒检测绕过漏洞
Vulnerability Description
Sophos Anti-Virus 来自英国的欧洲防毒软件领导品牌。 带2.28.4引擎的Sophos 3.91存在多个解释错误。远程攻击者可通过带有"MZ"魔法字节序列的BAT、HTML和EML等文件绕过病毒扫描。该序列通常与EXE关联,它会使该文件被视为安全类型,仍可由端系统上的应用程序作为危险文件类型来执行,比如由含有EXE、EML和HTML内容的"三头"程序执行,也称为"魔法字节缺陷"。
CVSS Information
N/A
Vulnerability Type
N/A