Tuesday, 31 October 2006
Vulnerabilities Identified in Sophos Anti-Virus Products |
| |
|
| |
A vulnerability has been reported in Sophos Anti-Virus, which can be exploited by malicious people to cause a Denial of Service (DoS). An unspecified error in the Petite plugin when processing Petite archives containing a large number of large sectors can be exploited to DoS the virus engine, as per a report released by Secunia.
An update is available for virus scanners on all platforms; yet it will likely be December before Sophos corrects a flaw through which RAR archives can send antivirus products into an endless loop. Around that same time the software maker intends to close security holes in the processing routines for help files in the CHM format; attackers can use them to provoke buffer overflows that could potentially plant malicious code, officials at Heise Security said.
Sophos claims that the vulnerabilities are not yet being actively exploited and that these are only theoretical problems. Users of Sophos virus scanners other than the Small Business version or the Software EM Library are not provided automated updates and hence should manually download and install the new versions.
|
| |
|
|
| |
|
|
| |
|
|
| |
|
