Sophos antivirus vulnerabilities…



Sans has the story on a security vulnerability involving specifically crafted .cab files affecting a WIDE range of SOPHOS antivirus products (from desktop to server.)

The main result of the vulnerability is arbitrary code execution, which is a bad thing…. PureMessage and MailMonitor users may be more at risk because, of course, it requires scanning of .cab files to be enabled.


sophos has a KB article on the issue.

Of course, this is a remotely exploitable vulnerability and should be a very high priority. Updates for most affected products have been available since April 28th. (Some were patched on May 5th.)

Related Posts

Blog Traffic Exchange Related Posts
  • Windows updates for February could set record There could be a record number of vulnerabilities addressed next week when Microsoft releases an expected dozen updates for its Windows and Office products. (According to Brian Krebs at the Security Fix.) Tuesday February 13th is the date scheduled for the release of updates. One critical udpate will affect Microsoft's......
  • Microsoft December 2005 Security updates Sans has the tip that information on the critical Windows updates expected tomorrow from Microsoft has started to be released. MS 05-54: Cumulative Security Update for Internet Explorer This will hopefully patch the javascript issues... MS 05-55: Vulnerability in Windows Kernel Could Allow Elevation of Privilege. More later in the......
  • Mac Wireless driver Security vulnerability revisited A couple weeks ago the hot story was about the demonstration of a vulnerability in a 3rd party wireless card driver on a Mac. The individuals that demonstrated the vulnerability (in a video taped presentation) also claimed that many wireless drivers were vulnerable to this same flaw and it included......
Blog Traffic Exchange Related Websites
  • Wordpress 3.0.2 - Auto Updating Error Resolved Wordpress 3.0.2 - Don't Pull Your Hair Out Yet Image by Debs (ò‿ó)♪ via Flickr If you have been using Wordpress for any extended period of time you know that they are constantly updating their plate form. While it re assures me that wordpress is always improving it can also......
  • What is Patch Tuesday? Excellent explanation of Patch Tuesday by TMI Engineering Patch Tuesday is the second Tuesday of each month, the day on which Microsoft releases security patches. Starting with Windows 98, Microsoft included a "Windows Update" system, that would check for patches to Windows and its components which Microsoft would release intermittently. With......
  • Microsoft Security Bulletin MS10-046 - Critical Microsoft Security Bulletin MS10-046 - Critical Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198) Published: August 02, 2010 | Updated: August 03, 2010 Version: 1.1 General Information Executive Summary This security update resolves a publicly disclosed vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon......
en.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site