In association with heise online

27 August 2007, 08:34

Two vulnerabilities in Sophos Anti-Virus fixed


An update fixes two vulnerabilities in Sophos anti-virus software for Windows and Unix/Linux. With a manipulated file packed with the UPX runtime packer, an attacker can send the anti-virus software into an infinite loop. In addition to exploiting this bug to deny service, attackers may also be able to remotely inject arbitrary malicious code onto the computer.

Sophos Anti-Virus may also enter an infinite loop when processing BZip archives. This can also be exploited for DoS attacks through the resulting high CPU and memory usage. The vulnerabilities, which affect versions prior to 2.48.0, were discovered in May. An update released on 23rd August fixes both vulnerabilities. Users of the application should install the update as soon as possible.
