The Abingdon, England-based company said that Sophos Anti-Virus can potentially be attacked by a buffer overflow, which knocks out a program by flooding it with data. A patch has already been created for Sophos Antivirus 4.5.4 and for most versions of Sophos Antivirus 3.96.0. An update for Sophos Anti-Virus Small Business Edition will be released on Friday, and all other versions will be fixed within two weeks, the antivirus maker said.
"Although theoretically a risk, Sophos has not seen any examples of malware attempting to exploit this vulnerability," the company said in its advisory.
The flaw was discovered by Alex Wheeler, the company stated. Earlier in the week, Neel Mehta of Internet Security Systems in Atlanta, said that he and Wheeler would hold a session at the Black Hat security conference this week in Las Vegas to outline how antivirus programs could increasingly become targets for hackers because of latent flaws.
In the past year, ISS has discovered bugs in products from security software makers Symantec, McAfee, Trend Micro and F-Secure, he noted. Earlier this week, several flaws discovered by ISS were disclosed and fixed in Clam Antivirus, a popular open-source virus scanner.
