Posted by Virus Bulletin on Oct 31, 2006
iDefense reports file-handling vulnerabilities.
Security researchers at iDefense have released information on four separate bugs in the Sophos anti-virus engine, affecting most Sophos products. The bugs are in the handling of Petite and RAR archives and CHM files, and can be used to cause excessive resource usage and possible denial of service.
The heap overflow, memory corruption and infinite loop problems can only be triggered by specially crafted files, and none of the vulnerabilities is thought to be in use by any exploits. Sophos has released patches for the bugs in its latest updates to customers.
A Sophos advisory on the problems is here, and Secunia alerts are here and here. None of the issues are rated above the 'moderately critical' level.