Minor flaws patched in Sophos AV

Security vulnerabilities found and fixed.

Two separate flaws have been reported in Sophos's anti-virus engine, affecting most of its product range and allowing security bypass and possible cross-site scripting.


The more serious flaw, which involves passing possibly dangerous content into the product's log file via a specially crafted filename, is labelled 'Moderately Critical' by Secunia and could be exploited to run exploit code when a user tries to print the logs. The second flaw, an archive handling vulnerability affecting scanning of CAB, LZH and RAR files, could prevent the product from scanning specially crafted archives, and is considered a much less serious threat.

Both problems have been fixed in recent updates, which should be applied automatically in most cases, and users are as usual advised to ensure they are running the latest versions and patches. Summaries of the issues can be found at Secunia here and here, with more detail from Sophos here and here.

10 September 2007

Tags: css, patch, sophos, vulnerability.   
