Sophos.Anti-Virus.CAB.File.Invalid.Folder.Count.Buffer.Overflow

description-logoDescription

This indicates a possible attempt to exploit a Heap Overflow vulnerability in Sophos Anti-Virus Library.
The vulnerability is due to the library's failure to properly bounds check user supplied input before copying data to an internal memory buffer, when scanning CAB files.

affected-products-logoAffected Products

Sophos Anti-Virus for Windows 2000/XP/2003 version 5.2.0 and prior
Sophos Anti-Virus for Windows 95/98/Me version 4.5.11 and prior
Sophos Anti-Virus for Windows NT version 4.5.11 and prior
Sophos Anti-Virus for Windows NT/2000/XP/2003 version 4.04 and prior
Sophos Anti-Virus for Windows 95/98/Me version 4.04 and prior
Sophos Anti-Virus for Mac OS X version 4.7.1 and prior
Sophos Anti-Virus for Mac OS 8/9 version 4.04 and prior
Sophos Anti-Virus for UNIX/Linux version 4.04 and prior
Sophos Anti-Virus for NetWare version 4.04 and prior
Sophos Anti-Virus for OS/2 version 4.04 and prior
Sophos Anti-Virus for OpenVMS version 4.04 and prior
Sophos Anti-Virus for DOS/Windows 3.1x version 4.04 and prior
Sophos Anti-Virus Small Business Edition (Windows) version 4.04 and prior
Sophos Anti-Virus Small Business Edition (Mac) version 4.04 and prior
PureMessage Small Business Edition version 4.04 and prior
PureMessage for Windows/Exchange SAV version version 5.2.0 and prior
PureMessage for UNIX SAV version version 4.04 and prior
MailMonitor for SMTP - Windows SAV version version 4.04 and prior
MailMonitor for SMTP - Windows SAV version version 4.04 and prior
MailMonitor for Notes/Domino SAV version version 4.04 and prior
MailMonitor for Exchange SAV version version 4.04 and prior

Impact logoImpact

System Compromise: Arbitrary code execution.

recomended-action-logoRecommended Actions

Apply the patch or update to a newer version:
http://www.sophos.com

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)