Intrusion Prevention

Sophos.Anti-Virus.CAB.File.Invalid.Folder.Count.Heap.Overflow

Description

It indicates a possible exploit of heap overflow vulnerability in Sophos Anti-Virus Library when scanning CAB files.
This issue is due to the library's failure to properly bounds-check user-supplied input before copying data to an internal memory buffer.

Affected Products

Sophos Anti-Virus for Windows 2000/XP/2003 version 5.2.0 and prior
Sophos Anti-Virus for Windows 95/98/Me version 4.5.11 and prior
Sophos Anti-Virus for Windows NT version 4.5.11 and prior
Sophos Anti-Virus for Windows NT/2000/XP/2003 version 4.04 and prior
Sophos Anti-Virus for Windows 95/98/Me version 4.04 and prior
Sophos Anti-Virus for Mac OS X version 4.7.1 and prior
Sophos Anti-Virus for Mac OS 8/9 version 4.04 and prior
Sophos Anti-Virus for UNIX/Linux version 4.04 and prior
Sophos Anti-Virus for NetWare version 4.04 and prior
Sophos Anti-Virus for OS/2 version 4.04 and prior
Sophos Anti-Virus for OpenVMS version 4.04 and prior
Sophos Anti-Virus for DOS/Windows 3.1x version 4.04 and prior
Sophos Anti-Virus Small Business Edition (Windows) version 4.04 and prior
Sophos Anti-Virus Small Business Edition (Mac) version 4.04 and prior
PureMessage Small Business Edition version 4.04 and prior
PureMessage for Windows/Exchange SAV version version 5.2.0 and prior
PureMessage for UNIX SAV version version 4.04 and prior
MailMonitor for SMTP - Windows SAV version version 4.04 and prior
MailMonitor for SMTP - Windows SAV version version 4.04 and prior
MailMonitor for Notes/Domino SAV version version 4.04 and prior
MailMonitor for Exchange SAV version version 4.04 and prior

Impact

Execute arbitrary code

CVE References

CVE-2006-0994