Vulnerability found in Sophos antivirus product

10.05.2006
Antivirus software firm Sophos PLC usually issues advisories about software vulnerabilities and threats in third-party products. This week the company warned enterprises of a vulnerability affecting a wide range of its own products.

The vulnerability exists in the way in which Sophos' software handles Microsoft cabinet files (CAB), which are compressed collections of files, according to a statement from Sophos.

The SANS Internet Storm Center called the vulnerability a critical one because of its potential to be exploited remotely.

"The vulnerability can be exploited by crafting a special CAB file with invalid folder count values in the header," SANS said. This can result in heap memory corruption and allow an attacker to execute arbitrary code on the compromised system.

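The SANS description points at a count field in the CAB header being trusted. The following C code is an added example, not Sophos code and not a reconstruction of the flaw, whose details the article does not give: it shows the kind of bounds check a CAB parser can apply to the header's folder count (`cFolders`) before using it. Field offsets follow the published Microsoft Cabinet `CFHEADER` layout; the function names, return codes and sample bytes are constructed for illustration, and cabinets with previous/next-cabinet strings are treated as out of scope.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { CAB_OK = 0, CAB_TRUNCATED, CAB_BAD_SIG, CAB_UNSUPPORTED, CAB_BAD_FOLDER_COUNT };
#define CFHEADER_SIZE 36u   /* fixed part of CFHEADER */
#define CFFOLDER_SIZE 8u    /* fixed part of each CFFOLDER entry */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Validate the header's folder count against the bytes actually present. */
int cab_check_folders(const uint8_t *buf, size_t len) {
    if (len < CFHEADER_SIZE) return CAB_TRUNCATED;
    if (memcmp(buf, "MSCF", 4) != 0) return CAB_BAD_SIG;
    uint32_t coff_files = rd32(buf + 16);            /* offset of first CFFILE entry */
    uint16_t c_folders = rd16(buf + 26), flags = rd16(buf + 30);
    size_t off = CFHEADER_SIZE, per_folder = CFFOLDER_SIZE;

    if (flags & 0x0003) return CAB_UNSUPPORTED;      /* prev/next cabinet strings: not handled here */
    if (flags & 0x0004) {                            /* reserve fields present */
        if (len - off < 4) return CAB_TRUNCATED;
        uint16_t cb_header = rd16(buf + off);        /* cbCFHeader: header reserve size */
        per_folder += buf[off + 2];                  /* cbCFFolder: per-folder reserve size */
        off += 4;
        if (len - off < cb_header) return CAB_TRUNCATED;
        off += cb_header;
    }
    /* The folder table must be non-empty, fit in the buffer, and end before the file table. */
    if (c_folders == 0) return CAB_BAD_FOLDER_COUNT;
    size_t table = (size_t)c_folders * per_folder;   /* at most 65535 * 263, no overflow */
    if (table > len - off) return CAB_BAD_FOLDER_COUNT;
    if (coff_files > len || off + table > coff_files) return CAB_BAD_FOLDER_COUNT;
    return CAB_OK;
}

/* Constructed sample: CFHEADER plus one CFFOLDER, file table offset 44, no file data. */
const uint8_t cab_sample[44] = {
    'M','S','C','F', 0,0,0,0, 44,0,0,0, 0,0,0,0, 44,0,0,0, 0,0,0,0,
    3, 1,  1,0,  0,0,  0,0,  0,0,  0,0,
    44,0,0,0, 0,0, 0,0
};

/* Run the check on the sample with its cFolders field overwritten. */
int cab_check_sample_with_count(uint16_t n) {
    uint8_t tmp[sizeof cab_sample];
    memcpy(tmp, cab_sample, sizeof tmp);
    tmp[26] = (uint8_t)(n & 0xff); tmp[27] = (uint8_t)(n >> 8);
    return cab_check_folders(tmp, sizeof tmp);
}
```
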
Ron O'Brien, senior security analyst at Sophos, downplayed the threat and said it only presented a theoretical risk. "We don't have any indication of anybody exploiting the vulnerability, so the impact in this case has been low," he said.

Several Sophos products are affected by the flaw, including its desktop antivirus software, its small business portfolio and its line of gateway security products, such as PureMessage and MailMonitor.