Sophos Anti-Virus多个拒绝服务漏洞

https://www.exploit-db.com/exploits/2912
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200611-005

SophosAnti-Virus是英国Sophos公司的一套适用于多种操作系统的反病毒软件。该软件可实时侦测和清除病毒、间谍软件、木马和蠕虫，确保台式机和笔记本电脑的全面网络保护。如果设置了"允许扫描文档"的话，则攻击者可以构造畸形的RAR文档，将ArchiveHeader部分的head_size和pack_size字段设置为0。如果SophosAnti-Virus用户扫描了上述文档的话，就会触发死循环，导致拒绝服务。

Multiple Vendor Antivirus RAR File Denial of Service Vulnerability

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/2912.rar (12102006-sophos_intifiniti.rar)

# milw0rm.com [2006-12-10]

来源:www.sophos.com
链接:http://www.sophos.com/support/knowledgebase/article/7609.html
来源:BID
名称:20816
链接:http://www.securityfocus.com/bid/20816
来源:VUPEN
名称:ADV-2006-4239
链接:http://www.frsirt.com/english/advisories/2006/4239
来源:SECTRACK
名称:1017132
链接:http://securitytracker.com/id?1017132
来源:SECUNIA
名称:22591
链接:http://secunia.com/advisories/22591
来源:IDEFENSE
名称:20061208MultipleVendorAntivirusRARFileDenialofServiceVulnerability
链接:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=439
来源:SECTRACK
名称:1018450
链接:http://www.securitytracker.com/id?1018450
来源:BUGTRAQ
名称:20070726RE:[CAID35525,35526]:CAProductsArclibLibraryDenialofServiceVulnerabilities
链接:http://www.securityfocus.com/archive/1/archive/1/474683/100/0/threaded