PT-2004-1660 · Sophos · Sophos Small Business Suite

Published: 2004-09-28 · Updated: 2017-07-11 · CVE-2004-0552

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Sophos Small Business Suite version 1.00

Description

The issue arises from improper handling of files with names containing reserved MS-DOS device names, such as LPT1, COM1, AUX, CON, or PRN. This can enable malicious code to evade detection during installation, copying, or execution.

Recommendations

For Sophos Small Business Suite version 1.00, consider implementing additional validation for file names to prevent the use of reserved MS-DOS device names, or apply a configuration change to properly handle such files and prevent malicious code from bypassing detection.
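
One way to implement the file-name validation recommended above, as an added example that is not part of the original advisory and is not Sophos code. It flags any path component that resolves to a reserved device name so the file can be held for review; the function names and sample paths are constructed for illustration, and the reserved set goes beyond the names listed above by including NUL and COM2-9/LPT2-9.

```python
import re

# Device names reserved by the Win32 namespace (matched case-insensitively).
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    f"{prefix}{n}" for prefix in ("COM", "LPT") for n in range(1, 10)
}


def reserved_components(path):
    """Return the path components that resolve to a reserved device name."""
    hits = []
    for comp in re.split(r"[\\/]+", path):
        # Trailing dots/spaces and anything after the first dot or colon are
        # ignored when the name is matched, so "aux.exe" and "com1.txt " hit.
        trimmed = comp.rstrip(". ")
        stem = re.split(r"[.:]", trimmed, maxsplit=1)[0].rstrip(" ").upper()
        if stem in RESERVED:
            hits.append(comp)
    return hits


def triage(paths):
    """Map each flagged path to its reserved components; clean paths are omitted."""
    return {p: h for p in paths if (h := reserved_components(p))}


# Constructed sample paths (not taken from the advisory).
SAMPLES = [
    r"C:\Users\alice\Downloads\invoice.pdf",
    r"C:\Temp\LPT1",
    r"C:\Temp\aux.exe",
    r"\\?\C:\Temp\com1.txt ",
    r"C:\Temp\console.log",      # "CONSOLE" is not reserved
    r"D:\share\prn\report.doc",  # reserved name used as a directory
    "C:/Temp/COM10.dll",         # only COM1-COM9 are in the reserved set
]

if __name__ == "__main__":
    for path, hits in triage(SAMPLES).items():
        print(f"FLAG {path!r}: reserved component(s) {hits}")
```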


Related Identifiers

CVE-2004-0552

Affected Products

Sophos Small Business Suite