Denial of Service Vulnerability in Sophos Anti-Virus Products
CVE-2008-1737
Currently unrated
Summary
A vulnerability exists in Sophos Anti-Virus 7.0.5 and other 7.x versions when Runtime Behavioural Analysis is enabled. It allows local users to cause a denial of service, which can result in a system reboot with the anti-virus product disabled, and it could potentially enable unauthorized privilege escalation. The cause is insufficient validation of a length field in the ObjectAttributes argument to the hooked NtCreateKey System Service Descriptor Table (SSDT) function.
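The kind of length validation the summary says was missing, as an added example that is not Sophos code and is not taken from this advisory. It is a portable user-mode model: the struct layouts follow the documented Windows OBJECT_ATTRIBUTES and UNICODE_STRING, while `ustr_t`, `objattr_t`, `oa_status` and `validate_object_attributes` are hypothetical names, and the pointer probing and capture that a real kernel hook also needs are assumed to happen elsewhere.

```c
/* User-mode model of the length checks a hook should apply to a caller-supplied
 * ObjectAttributes. All names here are hypothetical, not vendor code. */
#include <stdint.h>
#include <stdio.h>

typedef struct {
    uint16_t Length;          /* bytes used in Buffer */
    uint16_t MaximumLength;   /* bytes allocated for Buffer */
    uint16_t *Buffer;         /* UTF-16 code units */
} ustr_t;

typedef struct {
    uint32_t Length;          /* expected to equal sizeof(objattr_t) */
    void *RootDirectory;
    ustr_t *ObjectName;
    uint32_t Attributes;
    void *SecurityDescriptor;
    void *SecurityQualityOfService;
} objattr_t;

typedef enum { OA_OK, OA_NULL, OA_BAD_SIZE, OA_BAD_NAME } oa_status;

/* Reject the request before any length is used to size a copy or a loop. */
oa_status validate_object_attributes(const objattr_t *oa)
{
    if (oa == NULL)
        return OA_NULL;
    if (oa->Length != sizeof(objattr_t))      /* zero, short or oversized */
        return OA_BAD_SIZE;
    const ustr_t *n = oa->ObjectName;
    if (n == NULL)
        return OA_OK;                         /* no name to inspect */
    if (n->Length % sizeof(uint16_t) != 0 ||  /* whole UTF-16 units only */
        n->Length > n->MaximumLength ||       /* used bytes fit allocation */
        (n->Length != 0 && n->Buffer == NULL))
        return OA_BAD_NAME;
    return OA_OK;
}

int main(void)
{
    uint16_t name[] = { 'K', 'e', 'y' };      /* constructed sample input */
    ustr_t us = { sizeof name, sizeof name, name };
    objattr_t oa = { sizeof oa, NULL, &us, 0, NULL, NULL };
    printf("well-formed: %d\n", validate_object_attributes(&oa));
    oa.Length = 0;
    printf("bad size:    %d\n", validate_object_attributes(&oa));
    return 0;
}
```

A hook that fails any of these checks should pass the call through to the original service untouched, or fail it with an error status, rather than continue parsing the structure.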