CVE-2004-0552
CVE-2004-0552 is a high-severity vulnerability in Sophos Small Business Suite with a CVSS 2.0 base score of 7.5. Its EPSS exploit-prediction score of 24% places it in the 98th percentile, indicating an elevated likelihood of exploitation.
Key facts
- Severity: High (CVSS 2.0 base score 7.5)
- EPSS exploit prediction: 24% (98th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Sophos Small Business Suite
- Published:
- Last modified:
Description
Sophos Small Business Suite 1.00 on Windows does not properly handle files whose names contain reserved MS-DOS device names such as (1) LPT1, (2) COM1, (3) AUX, (4) CON, or (5) PRN, which can allow malicious code to bypass detection when it is installed, copied, or executed.
Frequently asked questions
- What is CVE-2004-0552?
- Sophos Small Business Suite 1.00 on Windows does not properly handle files whose names contain reserved MS-DOS device names such as (1) LPT1, (2) COM1, (3) AUX, (4) CON, or (5) PRN, which can allow malicious code to bypass detection when it is installed, copied, or executed.
- How severe is CVE-2004-0552?
- CVE-2004-0552 has a CVSS 2.0 base score of 7.5, rated high severity.
- Is CVE-2004-0552 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 24% (98th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2004-0552?
- CVE-2004-0552 affects Sophos Small Business Suite. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2004-0552?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2004-0552 published?
- CVE-2004-0552 was published on 2004-11-03 and last updated on 2026-06-16.
References
- http://www.idefense.com/application/poi/display?id=143&type=vulnerabilities
- http://www.seifried.org/security/advisories/kssa-005.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17468
Affected products (1)
- cpe:2.3:a:sophos:small_business_suite:*:*:*:*:*:*:*:*
More vulnerabilities in Sophos Small Business Suite
- CVE-2007-4577 — High (CVSS 7.8): Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (infinite loop) via…
- CVE-2007-4578 — Medium (CVSS 6.8): Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service…