Sophos antivirus vulnerabilities…



Sans has the story on a security vulnerability involving specifically crafted .cab files affecting a WIDE range of SOPHOS antivirus products (from desktop to server.)

The main result of the vulnerability is arbitrary code execution, which is a bad thing…. PureMessage and MailMonitor users may be more at risk because, of course, it requires scanning of .cab files to be enabled.


sophos has a KB article on the issue.

Of course, this is a remotely exploitable vulnerability and should be a very high priority. Updates for most affected products have been available since April 28th. (Some were patched on May 5th.)

Related Posts

Blog Traffic Exchange Related Posts
  • Network Security guide for the home or small business network - Part 5 - Update your software Okay - so after the last article you've inventoried what software you use on a PC and you know what services (server's) the pc runs that you've told it to. You even know what passes as "normal" startup programs. Now it's time to put that to use. It's time to......
  • WMF vulnerability advisory update Microsoft has updated their security bulletin on the WMF vulnerability to note a couple things. One, they acknowledge that embedded images within a document can trigger the exploit. Previously they said this needed further investigation. Second, they are seconding what I've been finding that Windows 98 and other pre-XP systems......
  • How to Remove Eco Antivirus 2010 | Eco Antivirus 2010 Removal Guide Eco Antivirus 2010 is a slight twist (renaming) of the recent Eco Antivirus rogue that has made the rounds. These rogues pretend to be antivirus, or antispyware software, but in reality are not much more than a scam trying to squeeze money out of unsuspecting computer users. These rogue applications......
Blog Traffic Exchange Related Websites
  • Microsoft Security Bulletin MS10-046 - Critical Microsoft Security Bulletin MS10-046 - Critical Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198) Published: August 02, 2010¬†|¬†Updated: August 03, 2010 Version: 1.1 General Information Executive Summary This security update resolves a publicly disclosed vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon......
  • Solidifying WP Security Designed with PHP, and powered by mySQL directories, WordPress is used by an amazing 8.5% of all websites. Web delivered spyware and web page hacking are becoming progressively more common. With such a lot of web content using WordPress as a CMS, any security weaknesses in the CMS structure or......
  • Powerful Web-based Marketing And Advertising Solution Launches Total Product Blueprint ReviewWeb based merchandise launches for digital products are huge business enterprise. But for several sincere and beneficial meaning people beginning out, a products start usually means almost nothing greater than placing their merchandise in to the Clickbank Market and hoping for that top. Which is not a......
en.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site