{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Sophos Anti-Virus Small Business Edition ;","product":{"name":"N/A","vendor":{"name":"Sophos","scada":false}}},{"description":"Sophos MailMonitor for Notes/Domino, SMTP ;","product":{"name":"N/A","vendor":{"name":"Sophos","scada":false}}},{"description":"Sophos Anti-Virus 3.x, 4.x et 5.x ;","product":{"name":"N/A","vendor":{"name":"Sophos","scada":false}}},{"description":"Sophos PureMessage for UNIX 4.x, 5.x ;","product":{"name":"N/A","vendor":{"name":"Sophos","scada":false}}},{"description":"Sophos PureMessage for Windows/Exchange 2.x ;","product":{"name":"N/A","vendor":{"name":"Sophos","scada":false}}},{"description":"Sophos PureMessage Small Business Edition 2.x.","product":{"name":"N/A","vendor":{"name":"Sophos","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nUne erreur dans la gestion des tampons m\u00e9moire lors de la d\u00e9compression\ndes archives cab peut \u00eatre exploit\u00e9e pour ex\u00e9cuter du code arbitraire,\nsi la configuration pr\u00e9voit l'analyse de telles archives. L'insertion en\npi\u00e8ce jointe d'un message vers l'\u00e9quipement de la victime, permet une\naction \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2006-0994","url":"https://www.cve.org/CVERecord?id=CVE-2006-0994"}],"links":[],"reference":"CERTA-2006-AVI-191","revisions":[{"description":"version initiale.","revision_date":"2006-05-10T00:00:00.000000"}],"risks":[{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"}],"summary":"Un utilisateur mal intentionn\u00e9 peut soumettre \u00e0 l'antivirus une archive\n<span class=\"textit\">cab</span> volontairement construite pour ex\u00e9cuter\ndu code arbitraire.\n","title":"Vuln\u00e9rabilit\u00e9 des antivirus Sophos","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Sophos","url":"http://www.sophos.com/support/knowledgebase/article/4934.html"}]}