An signedness error vulnerability exists in Sophos Anti-Virus. The vulnerability is due to insufficient validation of one of the parameters of the VMSF_DELTA filter while parsing RAR files. The vulnerable code calculates new values from this parameter resulting in a memory corruption.

A remote attacker could exploit this vulnerability by causing Sophos Anti-Virus to process a specially crafted RAR file. Successful exploitation could result in arbitrary code execution in the context of the affected service, which is SYSTEM by default.

Sophos released the following advisory regarding this issue:

http://www.sophos.com/en-us/support/knowledgebase/118424.aspx#five

• Sophos Threat Detection Engine Prior to 3.37.2

• Access vector is NETWORK
• Access complexity is MEDIUM
• Level of authentication required is NONE
• Impact of this vulnerability on data confidentiality is COMPLETE
• Impact of this vulnerability on data integrity is COMPLETE
• Impact of this vulnerability on data availability is COMPLETE

• The exploitability level of this vulnerability is UNPROVEN
• The remediation level of this vulnerability is OFFICIAL FIX
• The report confidence level of this vulnerability is CONFIRMED