7/28/2005
01:34 PM

Sophos Is Latest Anti-Virus Vendor With Vulnerabilities

A bug in Sophos' anti-virus software can be exploited by attackers to gain complete control of a compromised computer, the bug tracker firm Secunia said on Thursday. Patches are not yet available for all the affected editions.

The vulnerability, rated "highly critical" by bug tracker Secunia, can be exploited to create a heap-based buffer overflow. The attacks that cause the most damage tend to originate with a buffer overflow, which lets experienced attackers completely compromise a system and then introduce their own code, delete files, or purge users.

Sophos has fixed the flaw in Sophos Anti-Virus 3.96.0 for Windows, Unix, NetWare, OS/2, and OpenVMS. It's also been corrected in all versions of Sophos Anti-Virus 4.5.4.

The Windows editions of Sophos Anti-Virus Small Business Edition should be patched by Friday, July 29, Sophos said in a support notice. The rest of its Anti-Virus line-up should be fixed in the next two weeks, the company added.

Sophos credited Alex Wheeler, an independent security researcher, with the discovery. Wheeler and Neel Mehta of Internet Security Systems have been digging into anti-virus products since February. They presented their findings at this week's Black Hat security conference in Las Vegas.
