News
News
7/28/2005
01:34 PM
50%
50%

Sophos Is Latest Anti-Virus Vendor With Vulnerabilities

A bug in Sophos' anti-virus software can be exploited by attackers to gain complete control of a compromised computer, the bug tracker firm Secunia said on Thursday.

A bug in Sophos' anti-virus software can be exploited by attackers to gain complete control of a compromised computer, the bug tracker firm Secunia said on Thursday. Patches are not yet available for all the affected editions.

The vulnerability, touted by bug tracker Secunia as "highly critical," can be exploited to create a heap-based buffer overflow. Attacks which cause the most damage tend to originate with a buffer overflow, which lets experienced attackers completely compromise a system, and then introduce their own code, delete files, or purge users.

Sophos has fixed the flaw in Sophos Anti-Virus 3.96.0 for Windows, Unix, NetWare, OS/2, and OpenVMS. It's also been corrected in all versions of Sophos Anti-Virus 4.5.4.

The Windows editions of Sophos Anti-Virus Small Business Edition should be patched by Friday, July 29, Sophos said in a support notice. The rest of its Anti-Virus line-up should fixed in the next two weeks, the company added.

Sophos credited Alex Wheeler, an independent security researcher, with the discovery. Wheeler and Neel Mehta of Internet Security Systems have been digging into anti-virus products since February. They presented their findings at this week's Black Hat security conference in Las Vegas.

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Nov. 10, 2014
Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 16, 2014.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.