Sophos Anti-Virus SIT Archive Parsing Buffer Overflow Vulnerability

ID ZDI-06-046
Type zdi
Reporter Anonymous
Modified 2006-11-09T00:00:00


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sophos Anti-Virus.

The specific flaw exists in the parsing of SIT archives. When veex.dll processes a long filename that is not null-terminated, it miscalculates the string's actual size and a heap overflow occurs. Exploitation can lead to remote code execution in the SYSTEM context.
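
The bug class described above, shown from the defensive side as an added example: a bounded copy that rejects a filename field with no terminator instead of measuring past it. This is not Sophos code and not the real SIT header layout; `copy_entry_name`, `NAME_FIELD_LEN` and the sample inputs are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_FIELD_LEN 64 /* hypothetical fixed-width field, not the real SIT layout */

/* Copy a name out of an untrusted header field. Returns its length, or -1
 * if rejected. The unsafe pattern is strlen(field) feeding an allocation or
 * copy: with no NUL inside the field, strlen reads on into adjacent memory
 * and the computed size no longer describes the field. */
int copy_entry_name(const uint8_t *field, size_t field_len,
                    char *out, size_t out_cap)
{
    if (field == NULL || out == NULL || out_cap == 0)
        return -1;
    /* Look for the terminator only inside the field itself. */
    const uint8_t *nul = memchr(field, 0, field_len);
    if (nul == NULL)
        return -1;              /* unterminated name: reject */
    size_t name_len = (size_t)(nul - field);
    if (name_len == 0 || name_len >= out_cap)
        return -1;              /* empty, or no room for name plus NUL */
    memcpy(out, field, name_len);
    out[name_len] = '\0';
    return (int)name_len;
}

/* Constructed input: a properly terminated name. */
int demo_terminated(void)
{
    uint8_t field[NAME_FIELD_LEN] = "report.txt";
    char out[32];
    return copy_entry_name(field, sizeof field, out, sizeof out);
}

/* Constructed input: the field is full and holds no NUL at all. */
int demo_unterminated(void)
{
    uint8_t field[NAME_FIELD_LEN];
    char out[32];
    memset(field, 'A', sizeof field);
    return copy_entry_name(field, sizeof field, out, sizeof out);
}

int main(void)
{
    printf("%d %d\n", demo_terminated(), demo_unterminated());
    return 0;
}
```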