do check for updates 🙂
Recently, researcher Tavis Ormandy contacted Sophos about an examination he had done of Sophos’s anti-virus product, identifying a number of issues:
- A remote code execution vulnerability was discovered in how the Sophos anti-virus engine scans malformed Visual Basic 6 compiled files. Roll-out of a fix for Sophos customers completed on October 22nd 2012. Sophos has seen no evidence of this vulnerability being exploited in the wild.
- A remote code execution vulnerability was discovered in how the Sophos anti-virus engine scans malformed PDF files. Roll-out of a fix for Sophos customers began on November 5th 2012. Sophos has seen no evidence of this vulnerability being exploited in the wild.
- The Sophos web protection and web control Layered Service Provider (LSP) block page was found to include an XSS flaw. Roll-out of a fix for Sophos customers completed on October 22nd 2012. Sophos has seen no evidence of this vulnerability being exploited in the wild.
- Vulnerabilities were found in how Sophos’s anti-virus engine handles malformed CAB and RAR files. These vulnerabilities could cause the Sophos engine to corrupt memory. Roll-out of a fix for the vulnerability related to malformed CAB files completed on October 22nd 2012. Roll-out of a fix for the vulnerability related to malformed RAR files began on November 5th 2012. Sophos has seen no evidence of these vulnerabilities being exploited in the wild.
- An issue was identified with the BOPS technology in Sophos Anti-Virus for Windows and how it interacted with ASLR on Windows Vista and later. This has been resolved, and roll-out for Sophos customers completed on October 22nd 2012. Sophos has seen no evidence of this vulnerability being exploited in the wild.
- An issue was identified in how Sophos protection interacts with Internet Explorer’s Protected Mode. Roll-out of a fix for Sophos customers began on November 5th 2012. Sophos has seen no evidence of this vulnerability being exploited in the wild.