Security

Sophos A/V riddled with vulnerabilities

Submitted by arglebargle_xiv
arglebargle_xiv (2212710) writes "Security researcher Tavis Ormandy has had a look at Sophos A/V and found that it'll actually make your system less secure after you install it:

The paper contains details about several vulnerabilities in the Sophos antivirus code responsible for parsing Visual Basic 6, PDF, CAB and RAR files. Some of these flaws can be attacked remotely and can result in the execution of arbitrary code on the system. Ormandy even included a proof-of-concept exploit for the PDF parsing vulnerability which he claims requires no user interaction, no authentication and can be easily transformed into a self-spreading worm.

The findings also include this gem:

Ormandy also found that a component called the 'Buffer Overflow Protection System' (BOPS) that's bundled with Sophos antivirus disables the ASLR (address space layout randomization) exploit mitigation feature on all Windows versions that support it by default, including Vista and later.

Original paper here."