Description: Alex Wheeler has reported a vulnerability in Sophos Anti-Virus, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to an error in veex.dll when parsing Visio files and can be exploited to cause a heap-based buffer overflow via a specially crafted Visio file.
Successful exploitation allows execution of arbitrary code.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector.
Solution: The vendor has issued updated versions (see patch matrix in the vendor's advisory).
Provided and/or discovered by: Alex Wheeler
Changelog: 2005-08-26: Added additional information and updated "Solution" section.
2005-09-28: Added CVE reference.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.