Sophos Anti-Virus Multiple Vulnerabilities
Last Update Date: 9 Nov 2012
Release Date: 6 Nov 2012
RISK: High Risk
TYPE: Security software and application - Security Software & Appliance
Multiple vulnerabilities have been identified in Sophos Anti-Virus, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct cross-site scripting attacks and compromise a user's system.
1. An integer overflow error when scanning a Visual Basic 6 compiled file can be exploited to cause a heap-based buffer overflow.
2. Certain input is not properly sanitised within the Layered Service Provider (LSP) block page before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
3. An error when checking a compression algorithm within the "CFFolder" structure can be exploited to cause a buffer overflow via a specially crafted CAB archive.
4. An error within the VM_STANDARD byte-code opcode can be exploited to corrupt memory via a specially crafted RAR archive.
5. An error due to the application setting insecure file system permissions on the network update service directory can be exploited to create update modules (e.g. DLL libraries), which will execute with SYSTEM privileges.
6. An error when decrypting PDF revision 3 documents during scanning can be exploited to cause a stack-based buffer overflow via a specially crafted file.
Successful exploitation of vulnerabilities #1, #3, #4, and #6 may allow execution of arbitrary code.
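For the CAB issue (#3), a parser or triage script should reject any CFFolder whose compression field names no defined algorithm before a decompressor is selected. The sketch below is an added example, not Sophos code and not part of the advisory. It assumes the field layout of the public Microsoft Cabinet format, and the function name and sample bytes are constructed for illustration.

```python
import struct

# Compression methods defined by the public CAB format (low 4 bits of typeCompress).
KNOWN_METHODS = {0: "NONE", 1: "MSZIP", 2: "QUANTUM", 3: "LZX"}
CFHEADER = struct.Struct("<4sIIIIIBBHHHHH")   # fixed 36-byte cabinet header
CFFOLDER = struct.Struct("<IHH")              # coffCabStart, cCFData, typeCompress


def check_cab_folders(data: bytes) -> list[str]:
    """Return a list of findings; an empty list means every CFFOLDER passed."""
    if len(data) < CFHEADER.size:
        return ["truncated CFHEADER"]
    (sig, _, cb_cabinet, _, _coff_files, _, _vmin, _vmaj,
     c_folders, _c_files, flags, _set_id, _i_cab) = CFHEADER.unpack_from(data)
    if sig != b"MSCF":
        return ["not a cabinet (bad signature)"]
    off, folder_reserve = CFHEADER.size, 0
    if flags & 0x0004:                        # reserve fields present
        if len(data) < off + 4:
            return ["truncated reserve fields"]
        cb_header, folder_reserve, _ = struct.unpack_from("<HBB", data, off)
        off += 4 + cb_header
    for _ in range(bin(flags & 0x0003).count("1") * 2):  # prev/next name + disk
        end = data.find(b"\0", off)
        if end < 0:
            return ["unterminated cabinet/disk name"]
        off = end + 1
    findings = []
    for i in range(c_folders):
        if off + CFFOLDER.size + folder_reserve > len(data):
            findings.append(f"folder {i}: CFFOLDER runs past end of file")
            break
        coff_start, _c_data, type_compress = CFFOLDER.unpack_from(data, off)
        method = type_compress & 0x000F
        if method not in KNOWN_METHODS:
            findings.append(f"folder {i}: unknown compression method {method}")
        elif method == 3 and not 15 <= (type_compress >> 8) & 0x1F <= 21:
            findings.append(f"folder {i}: LZX window size out of range")
        if coff_start >= min(cb_cabinet, len(data)):
            findings.append(f"folder {i}: coffCabStart outside the cabinet")
        off += CFFOLDER.size + folder_reserve
    return findings


if __name__ == "__main__":
    # Constructed sample: one folder whose typeCompress low nibble is 0xF.
    hdr = CFHEADER.pack(b"MSCF", 0, 52, 0, 44, 0, 3, 1, 1, 0, 0, 0, 0)
    print(check_cab_folders(hdr + CFFOLDER.pack(44, 0, 0x000F) + bytes(8)))
```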
Impact
- Cross-Site Scripting
- Elevation of Privilege
- Remote Code Execution
System / Technologies affected
- Sophos Anti-Virus 10.x
- Sophos Anti-Virus 9.x
- Sophos Anti-Virus for Mac OS X 8.x
- Sophos Anti-Virus for Unix 4.x
Solutions
Before installation of the software, please visit the software manufacturer's website for more details.
- Update to the latest version
Vulnerability Identifier
- No CVE information is available