SECUNIA ADVISORY ID: SA23325
VERIFY ADVISORY: http://secunia.com/advisories/23325/
CRITICAL: Highly critical
IMPACT: System access
SOFTWARE:
Sophos Anti-Virus for Windows 6.x - http://secunia.com/product/12449/
Sophos Anti-Virus 3.x - http://secunia.com/product/164/
Sophos Anti-Virus 4.x - http://secunia.com/product/5391/
Sophos Anti-Virus 5.x - http://secunia.com/product/5390/
DESCRIPTION: Two vulnerabilities have been reported in Sophos Anti-Virus, which can be exploited by malicious people to compromise a user's system. Successful exploitation of the vulnerabilities allows execution of arbitrary code.
1) A boundary error in veex.dll when processing CPIO archives can be exploited to cause a stack-based buffer overflow via a CPIO archive containing an overly long, non-NULL terminated filename.
2) A boundary error in veex.dll when parsing SIT archives can be exploited to cause a heap-based buffer overflow via a SIT archive containing a file with an overly long, non-NULL terminated filename.
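Added example (not part of the Secunia advisory and not Sophos code): the length and termination checks whose absence item 1 describes, written in C for the CPIO "newc" header layout. The advisory does not say which CPIO variant veex.dll mishandled; the newc layout, the buffer sizes and all function names here are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HDR_LEN 110       /* newc header: 6-byte magic + 13 fields of 8 hex digits */
#define NAMESIZE_OFF 94   /* offset of c_namesize, which counts the trailing NUL */

enum name_status { NAME_OK, NAME_BAD_HEADER, NAME_TRUNCATED,
                   NAME_TOO_LONG, NAME_NOT_TERMINATED };

/* c_namesize as a number; 0 (never a valid size) if it is not 8 hex digits. */
static unsigned long parse_namesize(const unsigned char *hdr)
{
    char f[9] = {0};
    memcpy(f, hdr + NAMESIZE_OFF, 8);
    if (strspn(f, "0123456789abcdefABCDEF") != 8) return 0;
    return strtoul(f, NULL, 16);
}

/* Copy one entry's filename into dst only after every length check passes. */
enum name_status cpio_copy_name(const unsigned char *buf, size_t len,
                                char *dst, size_t dst_len)
{
    if (len < HDR_LEN || memcmp(buf, "070701", 6) != 0) return NAME_BAD_HEADER;
    unsigned long n = parse_namesize(buf);
    if (n == 0) return NAME_BAD_HEADER;
    if (n > len - HDR_LEN) return NAME_TRUNCATED;        /* claims more than the input holds */
    if (n > dst_len) return NAME_TOO_LONG;               /* would overrun the destination */
    if (buf[HDR_LEN + n - 1] != '\0') return NAME_NOT_TERMINATED;
    memcpy(dst, buf + HDR_LEN, n);
    return NAME_OK;
}

/* Constructed sample entry: the header claims `claimed` name bytes, `present`
   bytes of 'A' follow, optionally ending in NUL. Returns the parser's verdict. */
enum name_status check_sample(unsigned claimed, size_t present, int terminated,
                              size_t dst_len)
{
    static unsigned char entry[HDR_LEN + 1024];
    char dst[256];
    if (present > 1024 || dst_len > sizeof dst) return NAME_BAD_HEADER;
    snprintf((char *)entry, HDR_LEN + 1, "070701%088d%08X%08d", 0, claimed, 0);
    memset(entry + HDR_LEN, 'A', present);
    if (terminated && present) entry[HDR_LEN + present - 1] = '\0';
    return cpio_copy_name(entry, HDR_LEN + present, dst, dst_len);
}

/* 300 unterminated name bytes against a 256-byte destination: rejected, nothing copied. */
int main(void) { printf("%d\n", check_sample(300, 300, 0, 256)); return 0; }
```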
SOLUTION: Update to version 2.40 of the scanning engine.
PROVIDED AND/OR DISCOVERED BY: Discovered by an anonymous person and reported via ZDI.
ORIGINAL ADVISORY:
Sophos:
http://www.sophos.com/support/knowledgebase/article/17340.html
http://www.sophos.com/support/knowledgebase/article/21637.html
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-06-045.html
http://www.zerodayinitiative.com/advisories/ZDI-06-046.html
Sophos Anti-Virus SIT/CPIO File Processing Vulnerabilities
Posted on Wednesday, December 13, 2006 @ 09:12:50 CST in Security