Intrusion Prevention

Sophos.Anti-Virus.CHM.File.Heap.Overflow

Description

This indicates a possible attempt to exploit a buffer overflow vulnerability in Sophos Anti-Virus and Endpoint Security.
This vulnerability is a result of a heap overflow error that occurs when handling malformed CHM files. It can be exploited by attackers to execute arbitrary commands and compromise a vulnerable system, for example by sending an e-mail containing a malicious file to a computer being protected by the application.

Affected Products

Sophos Anti-Virus + Application Control for Windows 2000/XP/2003 versions 6.x
Sophos Anti-Virus for Windows 2000/XP/2003 versions 6.x
Sophos Endpoint Security + Application Control 2000/XP/2003 versions 6.x
Sophos Endpoint Security versions 6.x
Sophos Anti-Virus for Linux (on-access) versions 5.x
Sophos Anti-Virus for AIX (PowerPC) versions 4.x
Sophos Anti-Virus for FreeBSD 6+ versions 4.x
Sophos Anti-Virus for FreeBSD 5.2+ versions 4.x
Sophos Anti-Virus for FreeBSD 3+ versions 4.x
Sophos Anti-Virus for FreeBSD 4.5+ versions 4.x
Sophos Anti-Virus for HP-UX (AMD64, glibc 2.3) versions 4.x
Sophos Anti-Virus for HP-UX (Itanium) versions 4.x
Sophos Anti-Virus for Linux (AMD64, glibc 2.3) versions 4.x
Sophos Anti-Virus for Linux (Intel, libc6) versions 4.x
Sophos Anti-Virus for Linux (Intel, libc6-glibc2.2) versions 4.x
Sophos Anti-Virus for Solaris (SPARC) versions 4.x
Sophos Anti-Virus for Solaris (Intel) versions 4.x
Sophos Anti-Virus for Tru64 UNIX (Alpha) versions 4.x
Sophos Anti-Virus for Windows 95/98/Me versions 4.x
Sophos Anti-Virus for Windows NT/2000/XP versions 4.x
Sophos Anti-Virus for NetWare versions 4.x
Sophos Anti-Virus for Windows NT versions 4.x
Sophos Anti-Virus for Macintosh versions 4.x
Sophos Anti-Virus for OS X versions 4.x

Impact

Denial of service: memory corruption.

Recommended Actions

Apply fixes :
http://www.sophos.com/support/updates

CVE References

CVE-2006-5646