Remote File Execution Vulnerability in Sophos Antivirus Software
CVE-2005-3382
Summary
A file-interpretation error in Sophos Antivirus 3.91 lets attackers bypass the virus scanning mechanism. Files that begin with the 'MZ' magic byte sequence, which normally indicates an executable, may be misclassified as a safe type. As a result, malicious files with HTML, BAT, or EML contents can evade detection and may then be executed on the system. The issue is demonstrated by a 'triple headed' program containing mixed file types, which illustrates the risk posed by this magic byte issue. Organizations using affected versions of Sophos should consider implementing stricter file type controls and scanning mechanisms.
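One way to implement the stricter file-type check recommended above, as an added example (not Sophos code and not part of the original advisory): rather than trusting the leading 'MZ' bytes, it verifies the PE structure and reports every type the content could also be read as. The marker patterns and the inert sample byte strings are constructed assumptions.

```python
import re
import struct

# Content markers for the script/document types named in the advisory.
# The patterns are illustrative assumptions, not a complete signature set.
MARKERS = {
    "html": re.compile(rb"<\s*(html|script|body|iframe)\b", re.I),
    "bat": re.compile(rb"^\s*@?(echo|set|goto|call|start|cmd)\b", re.I | re.M),
    "eml": re.compile(rb"^(From|To|Subject|MIME-Version|Content-Type):", re.I | re.M),
}


def is_structural_pe(data: bytes) -> bool:
    """True only if the DOS header's e_lfanew points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def classify(data: bytes) -> dict:
    """Report every type the content could be interpreted as, not just the magic."""
    types = {name for name, rx in MARKERS.items() if rx.search(data)}
    starts_mz = data[:2] == b"MZ"
    if is_structural_pe(data):
        types.add("pe")
    # Suspicious: 'MZ' magic without a valid PE layout, or more than one type.
    suspicious = (starts_mz and "pe" not in types) or len(types) > 1
    return {"starts_mz": starts_mz, "types": sorted(types), "suspicious": suspicious}


# Constructed, inert samples (no payloads) for the cases in the summary.
SAMPLES = {
    "mz_html": b"MZ\r\n<html><body>hello</body></html>",
    "mz_bat": b"MZ\r\n@echo off\r\necho hello\r\n",
    "mz_eml": b"MZ\r\nSubject: test\r\nMIME-Version: 1.0\r\n\r\nbody",
    "plain_html": b"<html><body>hello</body></html>",
    "minimal_pe": b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, classify(blob))
```

A file flagged as suspicious should be scanned under every reported type, or quarantined, instead of being passed as a single "safe" type.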
References
Timeline
Vulnerability published
Vulnerability Reserved