

Multiple critical vulnerabilities in Sophos products - jmillikin
http://archives.neohapsis.com/archives/fulldisclosure/2012-11/0032.html

======
tlb
Yikes. Tavis's paper shows multiple buffer overflow attacks against code in
Sophos that scans executables and PDF files for viruses, so just by sending
someone a file you can inject code into the virus checker, which has maximum
privileges. It also disables address space randomization so exploitation is
easy.

------
packetslave
"The paper includes a working pre-authentication remote root exploit that
requires zero-interaction, and could be wormed within the next few days. I
would suggest administrators deploying Sophos products study my results
urgently, and implement the recommendations."

Ouch. That's pretty much the definition of an "oh crap" vulnerability.

