News
News
7/28/2005
01:34 PM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Sophos Is Latest Anti-Virus Vendor With Vulnerabilities

A bug in Sophos' anti-virus software can be exploited by attackers to gain complete control of a compromised computer, the bug tracker firm Secunia said on Thursday.

A bug in Sophos' anti-virus software can be exploited by attackers to gain complete control of a compromised computer, the bug tracker firm Secunia said on Thursday. Patches are not yet available for all the affected editions.

The vulnerability, touted by bug tracker Secunia as "highly critical," can be exploited to create a heap-based buffer overflow. Attacks which cause the most damage tend to originate with a buffer overflow, which lets experienced attackers completely compromise a system, and then introduce their own code, delete files, or purge users.

Sophos has fixed the flaw in Sophos Anti-Virus 3.96.0 for Windows, Unix, NetWare, OS/2, and OpenVMS. It's also been corrected in all versions of Sophos Anti-Virus 4.5.4.

The Windows editions of Sophos Anti-Virus Small Business Edition should be patched by Friday, July 29, Sophos said in a support notice. The rest of its Anti-Virus line-up should fixed in the next two weeks, the company added.

Sophos credited Alex Wheeler, an independent security researcher, with the discovery. Wheeler and Neel Mehta of Internet Security Systems have been digging into anti-virus products since February. They presented their findings at this week's Black Hat security conference in Las Vegas.

Comment  | 
Print  | 
More Insights
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Video
Slideshows
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.