Intrusion Prevention



This indicates an attempt to exploit a memory corruption vulnerability in Sophos Anti-Virus.
The vulnerability is caused by an error in how the affected software handles a RAR file whose VMSF_DELTA filter carries an invalid Channels parameter value. A remote attacker may be able to exploit this with a crafted RAR file to execute arbitrary code in the context of the application.

Affected Products

Sophos Threat Detection Engine prior to 3.37.2


System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Currently, we are unaware of any vendor-supplied patch for this issue.

Other References

knowledgebase/118424.aspx#five