2 results (0.011 seconds)

CVSS: 10.0EPSS: 12%CPEs: 1EXPL: 0

Multiple buffer overflows in Sophos Anti-Virus scanning engine before 2.40 allow remote attackers to execute arbitrary code via (1) a SIT archive with a long filename that is not null-terminated, which triggers a heap-based overflow in veex.dll due to improper length calculation, and (2) a CPIO archive, with a long filename that is not null-terminated, which triggers a stack-based overflow in veex.dll. Múltiples desbordamientos de búfer en el motor de escaneo Sophos Anti-Virus en versiones anteriores a la 2.40 permiten a atacantes remotos ejecutar código de su elección a través de (1) un archivo SIT con nombre de fichero largo que no termina en nulo, que dispara un desbordamiento basado en pila en el veex.dll debido a un cálculo de longitud inapropiada y (2) archivo CPIO, con un nombre de fichero largo que no termina en nulo, que dispara un desbordamiento basado en pila en el veex.dll. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sophos Anti-Virus. The specific flaw exists in the parsing of SIT archives. When a long non-null terminated filename is processed by veex.dll, a heap overflow occurs due to the miscalculation of the string's actual size. Exploitation is possible leading to remote code execution running under the SYSTEM context. • http://secunia.com/advisories/23325 http://www.securityfocus.com/archive/1/454197/100/0/threaded http://www.securityfocus.com/archive/1/454211/100/0/threaded http://www.securityfocus.com/bid/21563 http://www.sophos.com/support/knowledgebase/article/17340.html http://www.sophos.com/support/knowledgebase/article/21637.html http://www.vupen.com/english/advisories/2006/4919 http://www.zerodayinitiative.com/advisories/ZDI-06-045.html http://www.zerodayinitiative.com/advisories/ZDI-06-04 •

CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0

Sophos Anti-Virus before 4.02, 4.5.x before 4.5.9, 4.6.x before 4.6.9, and 5.x before 5.1.4 allow remote attackers to hide arbitrary files and data via crafted ARJ archives, which are not properly scanned. • http://www.sophos.com/support/knowledgebase/article/3803.html http://www.vupen.com/english/advisories/2006/0347 https://exchange.xforce.ibmcloud.com/vulnerabilities/24345 •