Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple buffer overflows in Sophos Anti-Virus scanning engine before 2.40 allow remote attackers to execute arbitrary code via (1) a SIT archive with a long filename that is not null-terminated, which triggers a heap-based overflow in veex.dll due to improper length calculation, and (2) a CPIO archive, with a long filename that is not null-terminated, which triggers a stack-based overflow in veex.dll.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Sophos Anti-Virus扫描引擎'Veex.DLL'多个溢出漏洞
Vulnerability Description
Sophos Anti-Virus是英国Sophos公司的一套适用于多种操作系统的反病毒软件。该软件可实时侦测和清除病毒、间谍软件、木马和蠕虫,确保台式机和笔记本电脑的全面网络保护。 Sophos AntiVirus在解析SIT和CPIO文档时存在溢出漏洞,远程攻击者可能利用此漏洞在扫描机器上执行指令。 CPIO文档中的超长非NULL字符结尾的文件名串会导致veex.dll发生栈溢出,而SIT文档中的超长非NULL字符结尾的文件名串会导致veex.dll发生堆溢出。
CVSS Information
N/A
Vulnerability Type
N/A