header-logo
Suggest Exploit
vendor:
Sophos Antivirus
by:
milw0rm
9,3
CVSS
HIGH
Heap Overflow
119
CWE
Product Name: Sophos Antivirus
Affected Version From: 4.0.0
Affected Version To: 4.0.2
Patch Exists: YES
Related CWE: CVE-2006-6183
CPE: a:sophos:sophos_antivirus
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2006

Sophos Antivirus CHM File Heap Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sophos Antivirus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of CHM files. By supplying a specially crafted CHM file, an attacker can cause a heap overflow resulting in arbitrary code execution.

Mitigation:

Upgrade to the latest version of Sophos Antivirus.
Source

Exploit-DB raw data:

Sophos Antivirus CHM File Heap Overflow Vulnerability

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/2910.chm (12092006-sophos_chunkheap.chm)

# milw0rm.com [2006-12-10]

Navigation

Suggest Exploit

Services By CQR