Sophos Anti-Virus Multiple Vulnerabilities

Last Update Date: 9 Nov 2012
Release Date: 6 Nov 2012

RISK: High Risk

TYPE: Security software and application - Security Software & Appliance

Multiple vulnerabilities have been identified in Sophos Anti-Virus, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct cross-site scripting attacks and compromise a user's system.

  1. An integer overflow error when scanning a Visual Basic 6 compiled file can be exploited to cause a heap-based buffer overflow.
  2. Certain input is not properly sanitised within the Layered Service Provider (LSP) block page before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
  3. An error when checking a compression algorithm within the "CFFolder" structure can be exploited to cause a buffer overflow via a specially crafted CAB archive.
  4. An error within the VM_STANDARD byte-code opcode can be exploited to corrupt memory via a specially crafted RAR archive.
  5. An error due to the application setting insecure file system permissions on the network update service directory can be exploited to create update modules (e.g. DLL libraries), which will execute with SYSTEM privileges.
  6. An error when decrypting PDF revision 3 documents during scanning can be exploited to cause a stack-based buffer overflow via a specially crafted file.

Successful exploitation of vulnerabilities #1, #3, #4, and #6 may allow execution of arbitrary code.
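
Item 3 concerns how the compression type in a CAB archive's CFFOLDER structure is checked. As an added illustration (not code from this advisory or from Sophos, and not a reconstruction of the actual flaw), the following pre-scan check walks the CAB header as laid out in the public Cabinet format and rejects folders whose typeCompress value is undefined or out of range. The names check_cab_folders and sample_cab are hypothetical, and the sample bytes are constructed.

```python
import struct

# typeCompress low 4 bits, per the Microsoft Cabinet format documentation.
METHODS = {0: "NONE", 1: "MSZIP", 2: "QUANTUM", 3: "LZX"}
CFHEADER = struct.Struct("<4sIIIIIBBHHHHH")  # fixed 36-byte part
CFFOLDER = struct.Struct("<IHH")             # coffCabStart, cCFData, typeCompress

def check_cab_folders(data: bytes) -> list:
    """Return each folder's compression method; raise ValueError if malformed."""
    if len(data) < CFHEADER.size:
        raise ValueError("truncated CFHEADER")
    f = CFHEADER.unpack_from(data)
    sig, n_folders, flags = f[0], f[8], f[10]
    if sig != b"MSCF":
        raise ValueError("bad signature")
    pos, reserve = CFHEADER.size, 0
    if flags & 0x0004:                       # cfhdrRESERVE_PRESENT
        if pos + 4 > len(data):
            raise ValueError("truncated reserve fields")
        cb_header, reserve, _ = struct.unpack_from("<HBB", data, pos)
        pos += 4 + cb_header                 # skip sizes and header reserve area
    for bit in (0x0001, 0x0002):             # prev/next cabinet: two strings each
        for _ in range(2 if flags & bit else 0):
            end = data.find(b"\0", pos)
            if end < 0:
                raise ValueError("unterminated cabinet/disk name")
            pos = end + 1
    methods = []
    for i in range(n_folders):
        # Bounds-check every record before reading it.
        if pos + CFFOLDER.size + reserve > len(data):
            raise ValueError(f"folder {i}: truncated CFFOLDER")
        coff, _, type_compress = CFFOLDER.unpack_from(data, pos)
        method = type_compress & 0x000F
        if method not in METHODS:
            raise ValueError(f"folder {i}: unknown compression type {method}")
        # LZX stores its window size (2**15 .. 2**21) in bits 8-12.
        if method == 3 and not 15 <= (type_compress >> 8) & 0x1F <= 21:
            raise ValueError(f"folder {i}: LZX window size out of range")
        if coff >= len(data):
            raise ValueError(f"folder {i}: data offset outside file")
        methods.append(METHODS[method])
        pos += CFFOLDER.size + reserve
    return methods

def sample_cab(type_compress: int) -> bytes:
    """Constructed sample: header plus one CFFOLDER and a 4-byte dummy body."""
    body = CFFOLDER.pack(44, 0, type_compress) + b"\0" * 4
    return CFHEADER.pack(b"MSCF", 0, 36 + len(body), 0, 44, 0, 3, 1, 1, 0, 0, 0, 0) + body
```

A check like this can run in a mail or web gateway ahead of any decompressor, so that archives with undefined CFFOLDER values are quarantined rather than unpacked.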


Impact

  • Cross-Site Scripting
  • Elevation of Privilege
  • Remote Code Execution

System / Technologies affected

  • Sophos Anti-Virus 10.x
  • Sophos Anti-Virus 9.x
  • Sophos Anti-Virus for Mac OS X 8.x
  • Sophos Anti-Virus for Unix 4.x

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

  • Update to the latest version

Vulnerability Identifier

  • No CVE information is available
