Several vulnerabilities have been discovered in various Sophos Anti-Virus products, which could be exploited by attackers or malware to take complete control of an affected computer or cause a denial of service.
The first issue is due to a format string error when handling SIT files with specially crafted filenames, which could be exploited by attackers to execute arbitrary commands on a system protected by an exposed application - Sophos.
The second vulnerability is due to a buffer overflow error when processing CPIO files with specially crafted filenames, which could be exploited by attackers to compromise a vulnerable system via a specially crafted file.
Affected Sophos Products Sophos Anti-Virus for Windows 2000 versions 6.x Sophos Anti-Virus for Windows XP versions 6.x Sophos Anti-Virus for Windows 2003 versions 6.x Sophos Anti-Virus for Windows Vista versions 6.x Sophos Anti-Virus for Windows NT versions 4.x Sophos Anti-Virus for Windows 95/98/Me versions 4.x Sophos Anti-Virus for Mac OS X versions 4.x Sophos Anti-Virus for Linux versions 5.x Sophos Anti-Virus for UNIX/Linux versions 4.x Sophos Anti-Virus for OpenVMS versions 4.x