Sophos Anti-Virus Visio File Processing Overflow

2005-07-28T09:45:56
ID OSVDB:18464
Type osvdb
Reporter Alex Wheeler()
Modified 2005-07-28T09:45:56

Description

Vulnerability Description

A remote overflow exists in Sophos Anti-Virus. The Anti-virus engine fails to perform proper bounds checking resulting in a heap-based buffer overflow. With a specially crafted Visio file, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

Technical Description

The Sophos Anti-virus engine is used in a wide variety of Anti-virus products. Along with the products listed here, others may be vulnerable.

Solution Description

Contact the vendor for an appropriate upgrade. An upgrade is required as there are no known workarounds.

Short Description

A remote overflow exists in Sophos Anti-Virus. The Anti-virus engine fails to perform proper bounds checking resulting in a heap-based buffer overflow. With a specially crafted Visio file, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Vendor URL: http://www.sophos.com/ Vendor Specific Advisory URL Security Tracker: 1014588 Secunia Advisory ID:16245 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0892.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0945.html ISS X-Force ID: 21608 CVE-2005-2768 Bugtraq ID: 14362