Denial of Service Vulnerability in Sophos Anti-Virus Products
CVE-2008-1737

Currently unrated

Key Information:

Vendor: Sophos
CVE Published: 30 April 2008

Summary

A vulnerability exists in Sophos Anti-Virus 7.0.5 and other 7.x versions when Runtime Behavioural Analysis is enabled. It allows local users to cause a denial of service: the system reboots with the anti-virus product disabled. It may also allow privilege escalation. The cause is insufficient validation of a length field in the ObjectAttributes argument to the NtCreateKey function in the hooked System Service Descriptor Table (SSDT).
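The class of check the summary says was missing, as an added example that is not Sophos code: a user-mode C model of a handler that snapshots a caller-supplied ObjectAttributes structure and validates its length fields before using them. The page does not say which length field was involved, so this sketch goes beyond it and checks both the structure length and the name string lengths; the simplified types, `capture_key_name` and `demo` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified user-mode mirrors of UNICODE_STRING and OBJECT_ATTRIBUTES. */
typedef struct { uint16_t Length, MaximumLength; const uint16_t *Buffer; } USTR;
typedef struct {
    uint32_t Length; void *RootDirectory; const USTR *ObjectName;
    uint32_t Attributes; void *SecurityDescriptor, *SecurityQoS;
} OBJ_ATTR;

enum { OA_OK, OA_NULL, OA_BAD_SIZE, OA_BAD_NAME_LEN, OA_TOO_LONG };

/* Hypothetical helper: snapshot the caller's structures, validate every
 * length field, then copy the key name into a fixed-size buffer. A real
 * driver would also probe the user pointers inside an exception handler. */
int capture_key_name(const OBJ_ATTR *user_oa, uint16_t *out, size_t out_bytes,
                     size_t *copied)
{
    if (!user_oa || !out || !copied) return OA_NULL;
    OBJ_ATTR oa = *user_oa;          /* snapshot: check and use the same values */
    if (oa.Length != sizeof(OBJ_ATTR)) return OA_BAD_SIZE;
    if (!oa.ObjectName) return OA_NULL;
    USTR name = *oa.ObjectName;      /* snapshot the nested string header too */
    if (name.Length > name.MaximumLength || (name.Length & 1))
        return OA_BAD_NAME_LEN;      /* byte count must fit and be UTF-16 aligned */
    if (name.Length && !name.Buffer) return OA_NULL;
    if (name.Length > out_bytes) return OA_TOO_LONG;
    memcpy(out, name.Buffer, name.Length);
    *copied = name.Length;
    return OA_OK;
}

/* Constructed inputs: 0 = well-formed, 1 = bogus structure Length,
 * 2 = string Length above MaximumLength, 3 = name larger than the buffer. */
int demo(int which)
{
    static const uint16_t text[64] = { 'S', 'o', 'f', 't' };
    uint16_t out[16]; size_t n = 0;
    USTR name = { 8, 8, text };
    OBJ_ATTR oa = { (uint32_t)sizeof(OBJ_ATTR), NULL, &name, 0, NULL, NULL };
    if (which == 1) oa.Length = 0xFFFFFFFFu;
    if (which == 2) name.Length = 10;
    if (which == 3) { name.Length = 128; name.MaximumLength = 128; }
    return capture_key_name(&oa, out, sizeof out, &n);
}
```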
