A vulnerability has been reported in Sophos Anti-Virus, which potentially can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an unspecified error and can be exploited to cause a heap-based buffer overflow.
The vulnerability has been reported in Sophos Anti-Virus Small Business Edition and in Sophos Anti-Virus versions prior to 3.96.0 and prior to 4.5.4.
The vendor has included a fix in the following versions:
* Version 3.96.0 of Sophos Anti-Virus (all supported Windows platforms, all supported Unix platforms, NetWare, OS/2, and OpenVMS)
* Version 4.5.4 of Sophos Anti-Virus (all platforms)
Fixes are reportedly expected to be available by 2005-07-29 for Sophos Anti-Virus Small Business Edition on all Windows platforms, and within the next 14 days for the other remaining versions.