Multiple vulnerabilities in Sophos antivirus

Posted: November 9, 2012 in Vulnerabilities

Vulnerability: Multiple vulnerabilities in Sophos antivirus

Severity: High
Patch: Yes
Number of vulnerabilities: 6
Attack vector: Remote

Impact: Cross Site Scripting, Elevation of Privilege, System compromise.

Affected products: Sophos Anti-Virus 10.x, Sophos Anti-Virus 9.x, Sophos Anti-Virus for Mac OS X 8.x, Sophos Anti-Virus for Unix 4.x.

Description:

The vulnerabilities can be exploited by malicious people to execute arbitrary code on the target system.

1. The vulnerability is caused by an integer overflow error when scanning files compiled with Visual Basic 6. A remote user can cause a heap overflow and execute arbitrary code on the target system.

2. The vulnerability is caused by insufficient processing of certain data in the Layered Service Provider (LSP) block page. A remote user can conduct an XSS attack.

3. An error when checking the compression algorithm in the CFFolder structure. This can be exploited via a specially crafted CAB archive to cause a buffer overflow.

4. An error in handling the VM_STANDARD bytecode opcode. This can be exploited via a specially crafted RAR archive to corrupt memory and execute arbitrary code on the target system.

5. The vulnerability exists because the application sets insecure permissions on the update service directory. Users can create and update modules to elevate their privileges.

6. An error in decoding the revision PDF allows a remote user to trigger a stack-based buffer overflow.
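
Item 3 turns on how a parser validates the compression type in each CAB CFFolder entry. The following is an added example, not Sophos code and not taken from the linked advisories, of a parser-side check that accepts only the compression types the CAB format defines and bounds the folder table without arithmetic that can wrap; the function names and sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* CFFOLDER layout: coffCabStart(4) cCFData(2) typeCompress(2) + optional reserve. */
#define CFFOLDER_FIXED 8u

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* 1 if typeCompress names a method and parameters the CAB format defines. */
static int type_compress_ok(uint16_t tc)
{
    unsigned level = (tc >> 4) & 0x0F;   /* Quantum level, bits 4-7 */
    unsigned hi = (tc >> 8) & 0x1F;      /* Quantum memory / LZX window, bits 8-12 */
    switch (tc & 0x000F) {
    case 0:  /* none */
    case 1:  return 1;                                            /* MSZIP */
    case 2:  return level >= 1 && level <= 7 && hi >= 10 && hi <= 21; /* Quantum */
    case 3:  return hi >= 15 && hi <= 21;                         /* LZX */
    default: return 0;            /* undefined method: reject, never guess */
    }
}

/* Check every folder entry. 0 = ok, -1 = table out of bounds,
 * -2 = data offset out of bounds, -3 = undefined compression type. */
int check_cffolders(const uint8_t *buf, size_t len, size_t off,
                    uint16_t n_folders, uint8_t reserve)
{
    size_t entry = CFFOLDER_FIXED + reserve;
    /* Subtraction and division only, so no file-controlled product can wrap. */
    if (off > len || (size_t)n_folders > (len - off) / entry)
        return -1;
    for (uint16_t i = 0; i < n_folders; i++) {
        const uint8_t *f = buf + off + (size_t)i * entry;
        if (rd32(f) >= len)
            return -2;
        if (!type_compress_ok(rd16(f + 6)))
            return -3;
    }
    return 0;
}

/* Constructed sample folder tables (two entries each, zero padded to 32 bytes). */
static const uint8_t SAMPLE_OK[32]  = { 0x10,0,0,0, 1,0, 0x01,0x00,   /* MSZIP */
                                        0x10,0,0,0, 1,0, 0x03,0x0F }; /* LZX, 2^15 */
static const uint8_t SAMPLE_BAD[32] = { 0x10,0,0,0, 1,0, 0x01,0x00,
                                        0x10,0,0,0, 1,0, 0x04,0x00 }; /* type 4 */

int main(void) { return !(check_cffolders(SAMPLE_OK, sizeof SAMPLE_OK, 0, 2, 0) == 0 &&
                          check_cffolders(SAMPLE_BAD, sizeof SAMPLE_BAD, 0, 2, 0) == -3); }
```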

Solution: Install the patch from the vendor.

Links:
http://www.sophos.com/en-us/support/knowledgebase/118424.aspx
http://seclists.org/fulldisclosure/2012/Nov/31
https://lock.cmpxchg8b.com/sophailv2.pdf
