Sophos removes holes in Anti-Virus
Sophos has released a brief announcement that updates are available to cure various security problems in its antivirus products. The problems were first reported by iDefense and Tipping Point. The notice indicates that the updates have already been distributed over the course of the last two weeks. In some cases the holes potentially could have been exploited through prepared emails smuggling in and executing code, but no live exploits were ever detected. [Update] Immediately after publication, the first demo exploits showed up in some internet archives.[/Update] It remains unclear, why the problems in the Petite, RAR and CHM file formats that were reported and supposedly fixed in October appear again in the new advisory.