Risk: High
You rely on a host of security measure to protect your computers from threats; increasingly, hackers are targeting security products such as VPNs and Firewalls. And in this case, an anti-virus software has been found vulnerable.
Sophos Anti-Virus Buffer Overflow Vulnerability
A buffer overflow vulnerability has been discovered in some versions of Sophos Anti-Virus (SAV). The vulnerability is due to an error in veex.dll when parsing Visio files and can be exploited to cause a heap-based buffer overflow via a specially crafted Visio file. Successful exploitation allows execution of arbitrary code.
According to Sophos, there have not been examples of attempts to exploit this vulnerability. Sophos has also released patched versions of all its products to protect against this vulnerability.
Customers using EM Library and Sophos small business solutions will receive these updates automatically.