‫ Sophos Anti-Virus Multiple Vulnerabilities

ID: IRCAD2012112286
Release Date: 2012-11-07
Criticality level: Highly critical
Sophos Anti-Virus 10.x
Sophos Anti-Virus 9.x
Sophos Anti-Virus for Mac OS X 8.x
Sophos Anti-Virus for Unix 4.x
Tavis Ormandy has reported multiple vulnerabilities in Sophos Anti-Virus, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct cross-site scripting attacks and compromise a user's system.
1) An integer overflow error when scanning a Visual Basic 6 compiled file can be exploited to cause a heap-based buffer overflow.
2) Certain input is not properly sanitised within the Layered Service Provider (LSP) block page before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
3) An error when checking a compression algorithm within the "CFFolder" structure can be exploited to cause a buffer overflow via a specially crafted CAB archive.
4) An error within the VM_STANDARD byte-code opcode can be exploited to corrupt memory via a specially crafted RAR archive.
5) An error when decrypting PDF revision 3 documents during scanning can be exploited to cause a stack-based buffer overflow via a specially crafted file.
Successful exploitation of vulnerabilities #1, #3, #4, and #6 may allow execution of arbitrary code.
Please see the vendor's advisory for a list of affected versions.
Apply updates.
Tavis Ormandy:


بدون نظر
شما برای نظر دادن باید وارد شوید


تاریخ ایجاد: 20 آبان 1391


امتیاز شما
تعداد امتیازها:0