Sophos Anti-Virus Cross-Site Scripting Vulnerability
Saturday, 8 September 2007
This article discusses a Cross-site scripting vulnerability in Sophos Anti-Virus for Windows, versions 6.x and 7.0.0
The vulnerability is exploited by a handcrafted archive file containing malware and with a tailored filename. The malware is caught, but printing the resulting logfile can cause arbitrary code execution of a secondary script.
It should be noted that there are no known exploits of this vulnerability in the wild and that it is only exploited following user interaction.
What is a Cross-site scripting vulnerability?
Web browsers operate a same origin policy, whereby scripts cannot access or write to another page that is not from the same origin. Cross-site script exploits allow arbitrary scripts to be run in a separate process or page. By injecting malicious script into pages served by other domains, an attacker can gain elevated access privileges.
What to do
This vulnerability has been fixed in Sophos Anti-Virus versions 6.5.8 and above, and 7.0.1 and above.
Customers using EM Library and Sophos small business solutions will have received these updates automatically between 10-22 August 2007.
Ensure that you have the latest version installed.
If you are running Sophos Anti-Virus versions 6.x, Sophos recommends that you upgrade to Sophos Anti-Virus version 7.
If you are unable to update, you should avoid printing Sophos Anti-Virus for Windows logfiles.
Sophos would like to thank Michael Jordon of Context Information Security Ltd. for bringing this issue to our attention.
If you need more information or guidance, then please contact technical support.
Share this content: