Sophos.Anti-Virus.CAB.File.Invalid.Folder.Count.Buffer.Overflow
Description
This indicates a possible attempt to exploit a Heap Overflow vulnerability in Sophos Anti-Virus Library.
The vulnerability is due to the library's failure to properly bounds check user supplied input before copying data to an internal memory buffer, when scanning CAB files.
Affected Products
Sophos Anti-Virus for Windows 2000/XP/2003 version 5.2.0 and prior
Sophos Anti-Virus for Windows 95/98/Me version 4.5.11 and prior
Sophos Anti-Virus for Windows NT version 4.5.11 and prior
Sophos Anti-Virus for Windows NT/2000/XP/2003 version 4.04 and prior
Sophos Anti-Virus for Windows 95/98/Me version 4.04 and prior
Sophos Anti-Virus for Mac OS X version 4.7.1 and prior
Sophos Anti-Virus for Mac OS 8/9 version 4.04 and prior
Sophos Anti-Virus for UNIX/Linux version 4.04 and prior
Sophos Anti-Virus for NetWare version 4.04 and prior
Sophos Anti-Virus for OS/2 version 4.04 and prior
Sophos Anti-Virus for OpenVMS version 4.04 and prior
Sophos Anti-Virus for DOS/Windows 3.1x version 4.04 and prior
Sophos Anti-Virus Small Business Edition (Windows) version 4.04 and prior
Sophos Anti-Virus Small Business Edition (Mac) version 4.04 and prior
PureMessage Small Business Edition version 4.04 and prior
PureMessage for Windows/Exchange SAV version version 5.2.0 and prior
PureMessage for UNIX SAV version version 4.04 and prior
MailMonitor for SMTP - Windows SAV version version 4.04 and prior
MailMonitor for SMTP - Windows SAV version version 4.04 and prior
MailMonitor for Notes/Domino SAV version version 4.04 and prior
MailMonitor for Exchange SAV version version 4.04 and prior
Impact
System Compromise: Arbitrary code execution.
Recommended Actions
Apply the patch or update to a newer version:
http://www.sophos.com
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |