Critical security vulnerabilities have been disclosed in Sophos antivirus software.
Among them is a stack buffer overflow triggered while the product scans PDF files; security researcher Tavis Ormandy has published a proof-of-concept (PoC) root exploit for it against Sophos 8.0.6 for Mac OS X.
The same flaw may also affect the Linux and Windows versions. Ormandy has published a full analysis on the SecLists.org security mailing-list archive, and a module for the Metasploit penetration-testing framework is now available as well.
Sophos said it fixed the flaws on November 5 and is not aware of any of them being exploited in the wild.
Fixes for the complete list of bugs Ormandy identified will be in place by November 28, Sophos said.
Ormandy’s paper on the Sophos flaws is critical of the product’s handling of address space layout randomization (ASLR).
It also describes how the PDF encryption handling can be made to trigger a stack buffer overflow, so that an attacker who delivers a crafted PDF by URL or email, which the antivirus engine parses as soon as it arrives, can execute arbitrary code on an affected computer.
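The bug class behind that sentence, a fixed-size stack buffer filled with data whose length the file controls, is shown below as an added illustration in C. This is not Sophos’s code and does not reproduce the specific flaw Ormandy reported; the flattened /Encrypt-dictionary layout, the field limits (taken from the PDF standard security handler) and the sample dictionaries are simplified and constructed for the example. The unsafe routine is kept only for contrast: it behaves identically on well-formed input, which is exactly why such bugs survive testing.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Limits from the PDF standard security handler (ISO 32000-1, 7.6.3):
   /O and /U are 32-byte strings; /Length is 40..128 bits in steps of 8. */
#define PDF_OWNER_LEN 32

static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Hardened: decode the hex string "<...>" that follows `key` into out[0..cap).
   Returns the byte count, or -1 if the key is missing, the hex is malformed
   (odd length, non-hex, truncated) or the string would not fit the buffer.
   Rejecting the object instead of copying past `cap` is the fix for this bug class. */
static int read_hex_string(const char *dict, const char *key, uint8_t *out, size_t cap) {
    const char *p = strstr(dict, key);
    if (!p) return -1;
    p = strchr(p, '<');
    if (!p) return -1;
    size_t n = 0;
    for (p++; *p != '>'; p += 2) {
        int hi = hexval(p[0]), lo = p[0] ? hexval(p[1]) : -1;
        if (hi < 0 || lo < 0) return -1;   /* truncated or non-hex input */
        if (n == cap) return -1;           /* bound check BEFORE the write */
        out[n++] = (uint8_t)(hi << 4 | lo);
    }
    return (int)n;
}

/* Unsafe shape of the same routine: the stack buffer is sized for the spec
   maximum, but the number of bytes written comes from the file. Any /O
   string longer than 32 bytes overwrites the stack. Never call on untrusted data. */
static int owner_len_unsafe(const char *dict) {
    uint8_t owner[PDF_OWNER_LEN];
    const char *p = strchr(strstr(dict, "/O"), '<') + 1;
    size_t n = 0;
    while (*p && *p != '>') {                        /* no bound on n */
        owner[n++] = (uint8_t)(hexval(p[0]) << 4 | hexval(p[1]));
        p += 2;
    }
    return (int)n;
}

struct encrypt_info { unsigned key_bytes; uint8_t owner[PDF_OWNER_LEN]; };

/* Validate every file-controlled field against the spec before use.
   Returns 0 on success, -1 if anything is out of range. */
static int parse_encrypt(const char *dict, struct encrypt_info *info) {
    unsigned bits = 40;                              /* spec default when /Length is absent */
    const char *p = strstr(dict, "/Length");
    if (p && sscanf(p + 7, "%u", &bits) != 1) return -1;
    if (bits < 40 || bits > 128 || bits % 8) return -1;
    info->key_bytes = bits / 8;
    int n = read_hex_string(dict, "/O", info->owner, sizeof info->owner);
    if (n != PDF_OWNER_LEN) return -1;               /* /O must be exactly 32 bytes */
    return 0;
}

/* Constructed sample input (not from any real file): an /Encrypt dictionary
   with a chosen /Length and an /O string of `owner_bytes` bytes. */
static void build_dict(unsigned length_bits, size_t owner_bytes, char *buf, size_t cap) {
    int n = snprintf(buf, cap, "<< /Filter /Standard /V 2 /R 3 /Length %u /O <", length_bits);
    for (size_t i = 0; i < owner_bytes && (size_t)n + 3 < cap; i++)
        n += snprintf(buf + n, cap - (size_t)n, "%02x", (unsigned)(i & 0xff));
    snprintf(buf + n, cap - (size_t)n, "> /P -1 >>");
}

static int demo_good(void) {            /* well-formed: accepted */
    char d[512]; struct encrypt_info info;
    build_dict(128, 32, d, sizeof d);
    return parse_encrypt(d, &info);
}
static int demo_unsafe_on_good(void) {  /* unsafe copy looks fine on good input */
    char d[512];
    build_dict(128, 32, d, sizeof d);
    return owner_len_unsafe(d);
}
static int demo_oversize_owner(void) {  /* 48-byte /O: rejected, not copied */
    char d[512]; struct encrypt_info info;
    build_dict(128, 48, d, sizeof d);
    return parse_encrypt(d, &info);
}
static int demo_bad_length(void) {      /* /Length 256: rejected */
    char d[512]; struct encrypt_info info;
    build_dict(256, 32, d, sizeof d);
    return parse_encrypt(d, &info);
}

int main(void) {
    printf("well-formed: parse=%d, unsafe copy=%d bytes\n", demo_good(), demo_unsafe_on_good());
    printf("48-byte /O:  parse=%d (rejected)\n", demo_oversize_owner());
    printf("/Length 256: parse=%d (rejected)\n", demo_bad_length());
    return 0;
}
```

The point of the contrast is that both routines return 32 on a conforming file; only the hardened one checks the length before each write, so an over-long /O string is refused rather than written past the end of a 32-byte stack array.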