Sophos Anti-Virus Scanning Engine Veex.DLL Multiple Buffer Overflow Vulnerabilities

Sophos Anti-Virus Scanning Engine Veex.DLL Multiple Buffer Overflow Vulnerabilities

Sophos antivirus scanning engine is prone to multiple remote stack-based buffer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit these issues to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in the complete compromise of affected computers. Failed exploit attempts will cause denial-of-service conditions.

Versions prior to 2.4.0 are vulnerable to this issue.