Vigil@nce: Sophos AV, denial of service via CAB
December 2008 by Vigil@nce
SYNTHESIS
An attacker can create a malicious CAB file in order to cause a
denial of service and possibly to execute code in Sophos AV.
Gravity: 2/4
Consequences: denial of service
Provenance: document
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 19/12/2008
IMPACTED PRODUCTS
– Sophos Anti-Virus
DESCRIPTION
The CAB format is used to create compressed file archives.
By default, Sophos does not scan archives.
An attacker can create a malicious CAB file in order to cause a
denial of service and possibly to execute code in Sophos AV,
when archive scanning is enabled.
Technical details are unknown. This vulnerability is related to
the OUSPG test suite (VIGILANCE-VUL-7674).
CHARACTERISTICS
Identifiers: 50611, IVIZ-08-015, VIGILANCE-VUL-8348
Pointed by: VIGILANCE-VUL-8319