Friday, December 19, 2008 9:53 AM
cmosby
Sophos Anti-Virus Products CAB Archive Processing Vulnerability - Secunia
Sophos Anti-Virus Products CAB Archive Processing Vulnerability
Secunia Advisory:
SA33177
Release Date:
2008-12-19
Popularity:
186 views
Critical:
Moderately critical
Impact:
DoS
System access
Where:
From remote
Solution Status:
Vendor Patch
Software:
Sophos Anti-Virus 4.x
Sophos Anti-Virus 5.x
Sophos Anti-Virus 7.x
Sophos Anti-Virus Small Business Edition
Sophos Anti-Virus Small Business Edition 2.x
Sophos MailMonitor for Notes/Domino
Sophos MailMonitor for SMTP
Sophos PureMessage for UNIX 4.x
Sophos PureMessage for UNIX 5.x
Sophos PureMessage Small Business Edition 2.x
Subscribe:
Instant alerts on relevant vulnerabilities 
Description:
A vulnerability has been reported in various Sophos Anti-Virus products, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
The vulnerability is caused due to an unspecified error when processing certain malformed CAB archives. This can be exploited to crash the application and may allow the execution of arbitrary code.
Successful exploitation requires that CAB archive scanning is enabled (disabled by default).
Solution:
Fixed in the Sophos virus engine 2.82.1.
EM Library and Sophos small business customers should receive automatic updates.
Provided and/or discovered by:
Jonathan Brossard, iViZ Techno Solutions Pvt. Ltd.
The vendor also credits Oulu University Secure Programming Group.
Original Advisory:
Sophos:
http://www.sophos.com/support/knowledgebase/article/50611.html
Oulu University Secure Programming Group:
http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
iViZ:
http://www.ivizsecurity.com/security-advisory-iviz-sr-08015.html
Filed under: Patch Management, AntiVirus Information, Security