iDefense reports file-handling vulnerabilities.
Security researchers at iDefense have released information on four separate bugs in the Sophos anti-virus engine, affecting most Sophos products. The bugs are in the handling of Petite and rar archives and chm files, and can be used to cause excessive resource usage and possible denial of service.
The heap overflow, memory corruption and infinite loop problems require specially crafted files to take advantage of them, and none of the vulnerabilities are thought to be in use by any exploits.
Sophos has released patches for the bugs in its latest updates to customers.
A Sophos advisory on the problems is here, and Secunia alerts are here and here. None of the issues are rated above the ‘moderately critical’ level.
Posted on 31 October 2006 by Virus Bulletin