Intrusion Prevention

Sophos.Anti.Virus.RAR.VMSF.DELTA.Filter.Memory.Corruption

Description

This indicates an attack attempt to exploit a Memory Corruption vulnerability in Sophos Anti-Virus.
The vulnerability is due to an error when the vulnerable software handles a maliciously crafted RAR file with an invalid Channels parameter value of the VMSF_DELTA filter. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application, via a crafted RAR file.

Affected Products

Sophos Threat Detection Engine Prior to 3.37.2

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Currently we are unaware of any vendor supplied patch for this issue.

Other References

http://www.sophos.com/en-us/support/ knowledgebase/118424.aspx#five