Critical vulnerability affecting Sophos Anti-Virus

A vulnerability has been discovered in Sophos’s unpacking of Microsoft Cabinet files, whereby a Microsoft Cabinet (CAB) file could be deliberately crafted to allow an attacker to execute arbitrary code on a vulnerable installation of Sophos Anti-Virus.

As the Sophos advisory notes, although the vulnerability is theoretically a risk, the company has not seen any examples of malware attempting to employ it. Furthermore, the vulnerability does not prevent Sophos’s desktop on-access scanner from correctly detecting viruses (and preventing actual infection) which are unpacked from affected files, so the risks of infection are very small.

The list of vulnerable products is available over here.
