In this section

• Home
• Support
• Knowledgebase
• Articles

Online support

• Knowledgebase
• Virus disinfection

Product maintenance

• Downloads and updates
• Documentation
• Software lifecycle

Contact support

• Talk to an expert
• Send a sample
• Email us

Support services

• Overview
• Technical Support
• Professional Services
• Technical Training

Sophos Anti-Virus: SIT file vulnerability identified

An issue has been discovered in the Sophos scanning engine.

The specific issue exists in the reading in of strings in SIT files, where a crafted filename could cause remote code to be executed. There are no known exploits at the time of writing.

All version of Sophos Anti-Virus running the 2.40 virus engine no longer have this vulnerability.

The CVE number for this issue is CVE-2006-6335.

Sophos would like to thank an anonymous researcher working with TippingPoint and the Zero Day Initiative for reporting this issue.

If you need more information or guidance, then please contact technical support.

• Article ID: 21637
• Created: 8 Dec 2006
• Last updated: 19 Jan 2007

Rate this article Choose a rating Very useful Quite useful Moderately useful Not very useful Not useful at all

•  Read our search tips
• Contact one of our experts
• Suggest an improvement