Buffer Overflow Vulnerabilities in Sophos Anti-Virus Product
CVE-2006-6335

Currently unrated

Key Information:

Vendor

Sophos
Status
Sophos Anti-virus
Vendor
CVE Published:
12 December 2006

What is CVE-2006-6335?

Multiple buffer overflow vulnerabilities in the Sophos Anti-Virus scanning engine prior to version 2.40 permit attackers to execute arbitrary code remotely. An attacker could leverage a specially crafted SIT archive with a long, non-null-terminated filename to trigger a heap-based overflow in veex.dll. Additionally, a malicious CPIO archive with a similarly inappropriate filename length leads to a stack-based overflow in the same DLL. This exploitation underscores the importance of proper input validation to prevent malicious exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.zerodayinitiative.com/advisories/ZDI-06-046.html
x_refsource_MISC
http://www.sophos.com/support/knowledgebase/article/17340...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/21563
vdb-entryx_refsource_BID

EPSS Score

16% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.