Malicious Zip Files Can Crash Computers Running Sophos AV
Posted on 2005-07-15
Today, iDEFENSE announced a new Denial of Service (DoS) vulnerability affecting the antivirus (AV) engine used by most Sophos products. By sending an e-mail containing a specially crafted, compressed attachment, an attacker could exploit this flaw to crash the system running Sophos' AV software. Since AV software scans incoming files automatically, the attack can succeed even if the victim does not interact with the malicious e-mail. If you use Sophos AV, ensure that all instances of Sophos AV on your network have downloaded Sophos' latest antivirus engine.