Sophos Anti-Virus SIT Archive Parsing Buffer Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sophos Anti-Virus. The specific flaw exists in the parsing of SIT archives. When a long non-null terminated filename is processed by veex.dll, a heap overflow occurs due to the miscalculation of the string’s actual size. Exploitation is possible leading to remote code execution running under the SYSTEM context.