Sophos Anti-Virus products - Critical vulnerability in scanning CAB files
Critical vulnerability in Sophos Anti-Virus products
Advisory: Crafted Microsoft CAB file can allow arbitrary code to be run
QUOTE: A vulnerability has been discovered in Sophos's unpacking of Microsoft Cabinet files, whereby a Microsoft Cabinet (CAB) file could be deliberately crafted to allow an attacker to execute arbitrary code on a vulnerable installation of Sophos Anti-Virus. Although theoretically a risk, Sophos has not seen any examples of malware attempting to employ this vulnerability.