TITLE:
Sophos Anti-Virus Cabinet File Processing Memory Corruption

SECUNIA ADVISORY ID:
SA20028

VERIFY ADVISORY:
http://secunia.com/advisories/20028/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Sophos PureMessage for UNIX 5.x
http://secunia.com/product/5622/
Sophos PureMessage for UNIX 4.x
http://secunia.com/product/3876/
Sophos MailMonitor for SMTP
http://secunia.com/product/165/
Sophos MailMonitor for Notes/Domino
http://secunia.com/product/5624/
Sophos Anti-Virus Small Business Edition
http://secunia.com/product/9822/
Sophos Anti-Virus 5.x
http://secunia.com/product/5390/
Sophos Anti-Virus 4.x
http://secunia.com/product/5391/
Sophos Anti-Virus 3.x
http://secunia.com/product/164/
Sophos PureMessage for Windows/Exchange 2.x
http://secunia.com/product/5623/
Sophos PureMessage Small Business Edition 2.x
http://secunia.com/product/9823/

DESCRIPTION:
A vulnerability has been reported in various Sophos Anti-Virus
products, which can be exploited by malicious people to compromise a
vulnerable system.

The vulnerability is caused due to an error when unpacking Microsoft
Cabinet files (.CAB). This can be exploited to corrupt heap memory
when a specially crafted Cabinet file with an invalid folder count in
the CAB header is scanned.

Successful exploitation allows execution of arbitrary code, but
requires that Cabinet file inspection is enabled.

SOLUTION:
The vendor has issued updated versions (see patch matrix in the
vendor's advisory).

PROVIDED AND/OR DISCOVERED BY:
Discovered by an anonymous researcher and reported via ZDI.

ORIGINAL ADVISORY:
Sophos:
http://www.sophos.com/support/knowledgebase/article/4934.html

Zero Day Initiative:
http://www.zerodayinitiative.com/advisories/ZDI-06-012.html

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
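The DESCRIPTION above attributes the flaw to an invalid folder count in the CAB header. As an added example (not Sophos code, and not taken from either advisory), the following C sketch shows the kind of bounds check an unpacker can apply to the CFHEADER `cFolders` field before trusting it; the field offsets follow the published Microsoft Cabinet format, and the names `cab_check_folders` and `cab_make_sample` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Returns 0 and stores the folder count only if every CFFOLDER entry the
 * header promises lies inside the buffer and before the CFFILE table. */
int cab_check_folders(const uint8_t *buf, size_t len, uint16_t *folders_out)
{
    if (len < 36 || memcmp(buf, "MSCF", 4) != 0)  /* fixed CFHEADER: 36 bytes */
        return -1;
    uint32_t coff_files = rd32(buf + 16);
    uint16_t c_folders = rd16(buf + 26), flags = rd16(buf + 30);
    size_t off = 36, folder_size = 8;             /* CFFOLDER: 8 bytes + reserve */
    if (flags & 0x0004) {                         /* cfhdrRESERVE_PRESENT */
        if (len - off < 4) return -1;
        uint16_t cb_header = rd16(buf + off);     /* cbCFHeader */
        folder_size += buf[off + 2];              /* cbCFFolder */
        off += 4;
        if (len - off < cb_header) return -1;
        off += cb_header;
    }
    /* PREV_CABINET (0x1) and NEXT_CABINET (0x2) each add two NUL-terminated strings. */
    int strings = ((flags & 0x0001) ? 2 : 0) + ((flags & 0x0002) ? 2 : 0);
    while (strings-- > 0) {
        const uint8_t *nul = memchr(buf + off, 0, len - off);
        if (nul == NULL) return -1;
        off = (size_t)(nul - buf) + 1;
    }
    size_t limit = coff_files < len ? coff_files : len;
    if (off > limit || (size_t)c_folders * folder_size > limit - off)
        return -1;                                /* count exceeds available data */
    *folders_out = c_folders;
    return 0;
}

/* Constructed sample: 36-byte header plus one 8-byte CFFOLDER, with the
 * header claiming `claimed` folders. Writes 44 bytes into out. */
size_t cab_make_sample(uint8_t out[44], uint16_t claimed)
{
    memset(out, 0, 44);
    memcpy(out, "MSCF", 4);
    out[8] = 44;  out[16] = 44;                   /* cbCabinet, coffFiles */
    out[24] = 3;  out[25] = 1;                    /* version 1.3 */
    out[26] = (uint8_t)claimed; out[27] = (uint8_t)(claimed >> 8);
    return 44;
}
```

Rejecting the file at this point means no later allocation or loop is sized from a count the data cannot back up.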