CVE-2007-4785
CVE-2007-4785 is a medium-severity vulnerability in Sony Micro Vault Fingerprint Access Software with a CVSS 2.0 base score of 6.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Medium (CVSS 2.0 base score 6.8)
- EPSS exploit prediction: 2% (77th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Sony Micro Vault Fingerprint Access Software
- Published:
- Last modified:
Description
Sony Micro Vault Fingerprint Access Software, as distributed with Sony Micro Vault USM-F USB flash drives, installs a driver that hides a directory under %WINDIR%, which might allow remote attackers to bypass malware detection by placing files in this directory.
Frequently asked questions
- What is CVE-2007-4785?
- Sony Micro Vault Fingerprint Access Software, as distributed with Sony Micro Vault USM-F USB flash drives, installs a driver that hides a directory under %WINDIR%, which might allow remote attackers to bypass malware detection by placing files in this directory.
- How severe is CVE-2007-4785?
- CVE-2007-4785 has a CVSS 2.0 base score of 6.8, rated medium severity.
- Is CVE-2007-4785 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (77th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2007-4785?
- CVE-2007-4785 affects Sony Micro Vault Fingerprint Access Software. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2007-4785?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2007-4785 published?
- CVE-2007-4785 was published on 2007-09-10 and last updated on 2026-06-16.
References
- http://hiltont.blogspot.com/2007/08/sony-rootkit-version-2.html
- http://observed.de/?entnum=101
- http://securityreason.com/securityalert/3118
- http://www.computerdefense.org/?p=380
- http://www.f-secure.com/weblog/archives/archive-082007.html#00001263
- http://www.f-secure.com/weblog/archives/archive-082007.html#00001266
- http://www.securityfocus.com/archive/1/478149/100/0/threaded
- http://www.securityfocus.com/archive/1/478315/100/0/threaded
- http://www.securityfocus.com/archive/1/478357/100/0/threaded
- http://www.securityfocus.com/archive/1/478365/100/0/threaded
Affected products (1)
- cpe:2.3:a:sony:micro_vault_fingerprint_access_software:*:*:*:*:*:*:*:*