CVE-2007-4578

Name of the Vulnerable Software and Affected Versions Sophos Anti-Virus for Windows and for Unix/Linux versions prior to 2.48.0

Description The issue allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UPX packed file. This is a result of an "integer cast around". There is a discrepancy between the vendor and the researcher regarding the severity of the issue, with the vendor stating it as a denial of service and the researcher claiming it allows code execution.

Recommendations For versions prior to 2.48.0, update to version 2.48.0 or later to resolve the issue.