Skip to main content

Sophos Anti-Virus Multiple Vulnerabilities

Last Update Date: 9 Nov 2012 Release Date: 6 Nov 2012 4747 Views

RISK: High Risk

TYPE: Security software and application - Security Software & Appliance

TYPE: Security Software & Appliance

Multiple vulnerabilities have been identified in Sophos Anti-Virus, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct cross-site scripting attacks and compromise a user's system.

  1. An integer overflow error when scanning a Visual Basic 6 compiled file can be exploited to cause a heap-based buffer overflow.
  2. Certain input is not properly sanitised within the Layered Service Provider (LSP) block page before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
  3. An error when checking a compression algorithm within the "CFFolder" structure can be exploited to cause a buffer overflow via a specially crafted CAB archive.
  4. An error within the VM_STANDARD byte-code opcode can be exploited to corrupt memory via a specially crafted RAR archive.
  5. An error due to the application setting insecure file system permissions on the network update service directory can be exploited to create update modules (e.g. DLL libraries), which will execute with SYSTEM privileges.
  6. An error when decrypting PDF revision 3 documents during scanning can be exploited to cause a stack-based buffer overflow via a specially crafted file.

Successful exploitation of vulnerabilities #1, #3, #4, and #6 may allow execution of arbitrary code.


Impact

  • Cross-Site Scripting
  • Elevation of Privilege
  • Remote Code Execution

System / Technologies affected

  • Sophos Anti-Virus 10.x
  • Sophos Anti-Virus 9.x
  • Sophos Anti-Virus for Mac OS X 8.x
  • Sophos Anti-Virus for Unix 4.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to the latest version

Vulnerability Identifier

  • No CVE information is available

Source


Related Link