Sophos Anti-Virus SSDT Hooks Local Denial of Service Vulnerability

Sophos Anti-Virus is prone to a local denial-of-service vulnerability because it fails to adequately bounds-check user-supplied data.

Exploiting this vulnerability allows local attackers to crash affected computers, denying service to legitimate users. Attackers might also be able to gain elevated privileges by executing arbitrary machine code in the context of the kernel, but this has not been confirmed.

Sophos Anti-Virus 7.0.5 is vulnerable; other versions may also be affected.


Privacy Statement
Copyright 2010, SecurityFocus