Sophos Anti-Virus Unspecified Buffer Overflow Vulnerability

A vulnerability has been reported in Sophos Anti-Virus that can potentially be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by an unspecified error and can be exploited to cause a heap-based buffer overflow.


The vulnerability has been reported in Sophos Anti-Virus Small Business Edition and in Sophos Anti-Virus versions prior to 3.96.0 and prior to 4.5.4.


Solution:
The vendor has included a fix in the following versions:
* Version 3.96.0 of Sophos Anti-Virus (all supported Windows platforms, all supported Unix platforms, NetWare, OS/2, and OpenVMS)
* Version 4.5.4 of Sophos Anti-Virus (all platforms)


Fixes are reportedly expected to be available by 2005-07-29 for Sophos Anti-Virus Small Business Edition on all Windows platforms, and within the next 14 days for the other remaining versions.


http://secunia.com/advisories/16245/
