Sophos Anti-Virus CAB File Scanning Remote Heap Overflow Vulnerability
BID:17876
Info
Sophos Anti-Virus CAB File Scanning Remote Heap Overflow Vulnerability
| Bugtraq ID: | 17876 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2006-0994 |
| Remote: | Yes |
| Local: | No |
| Published: | May 08 2006 12:00AM |
| Updated: | May 08 2006 11:54PM |
| Credit: | The original discoverer of this issue wishes to remain anonymous. |
| Vulnerable: |
Sophos PureMessage Small Business Edition 4.04 Sophos PureMessage for Windows/Exchange 5.2 Sophos PureMessage for UNIX 4.04 Sophos MailMonitor for SMTP 2.1 Sophos MailMonitor for SMTP 2.0 Sophos MailMonitor for SMTP 4.04 Sophos MailMonitor for Notes/Domino 4.04 Sophos MailMonitor for Notes/Domino Sophos MailMonitor for Exchange 4.04 Sophos Anti-Virus Small Business Edition 4.04 Sophos Anti-Virus 5.2 Sophos Anti-Virus 4.7.1 Sophos Anti-Virus 4.5.11 Sophos Anti-Virus 3.96 .0 Sophos Anti-Virus 3.95 Sophos Anti-Virus 3.91 Sophos Anti-Virus 3.90 Sophos Anti-Virus 3.86 Sophos Anti-Virus 3.85 Sophos Anti-Virus 3.84 Sophos Anti-Virus 3.83 Sophos Anti-Virus 3.82 Sophos Anti-Virus 3.81 Sophos Anti-Virus 3.80 Sophos Anti-Virus 3.79 Sophos Anti-Virus 3.78 d Sophos Anti-Virus 3.78 Sophos Anti-Virus 3.4.6 Sophos Anti-Virus 4.04 |
| Not Vulnerable: |
Sophos PureMessage Small Business Edition 4.05 Sophos PureMessage for Windows/Exchange 5.2.1 Sophos PureMessage for UNIX 4.05 Sophos MailMonitor for SMTP 4.05 Sophos MailMonitor for Notes/Domino 4.05 Sophos MailMonitor for Exchange 4.05 Sophos Anti-Virus Small Business Edition 4.05 Sophos Anti-Virus 5.2.1 Sophos Anti-Virus 4.7.2 Sophos Anti-Virus 4.5.12 Sophos Anti-Virus 4.05 |
Discussion
Sophos Anti-Virus CAB File Scanning Remote Heap Overflow Vulnerability
A remote heap-overflow vulnerability exists in Sophos Anti-Virus Library when scanning CAB files. This issue is due to the library's failure to properly bounds-check user-supplied input before copying data to an internal memory buffer.
Successfully exploiting this vulnerability could result in arbitrary code execution with the privileges of the application.
A remote heap-overflow vulnerability exists in Sophos Anti-Virus Library when scanning CAB files. This issue is due to the library's failure to properly bounds-check user-supplied input before copying data to an internal memory buffer.
Successfully exploiting this vulnerability could result in arbitrary code execution with the privileges of the application.
Exploit / POC
Sophos Anti-Virus CAB File Scanning Remote Heap Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution / Fix
Sophos Anti-Virus CAB File Scanning Remote Heap Overflow Vulnerability
Solution:
The vendor has released an advisory along with fixes to address this issue.
Please see the referenced advisory for further information. Please contact the vendor for details on obtaining fixes.
Solution:
The vendor has released an advisory along with fixes to address this issue.
Please see the referenced advisory for further information. Please contact the vendor for details on obtaining fixes.
References
Sophos Anti-Virus CAB File Scanning Remote Heap Overflow Vulnerability
References:
References: