Sophos Anti-Virus Engine < 3.50.1 System Objects DoS

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Synopsis :

An antivirus application on the remote Windows host is affected by a
denial of service vulnerability.

Description :

The Sophos Anti-Virus install on the remote host uses an engine version
earlier than 3.50.1. As such, it reportedly has a misconfigured Access
Control List (ACL) on certain system objects that could allow a local
attacker to cause the host to become sluggish and eventually crash, or
display false 'ready for update' message popups.

See also :

Solution :

Upgrade to Sophos Anti-Virus engine version 3.50.1 or later.

Risk factor :

Medium / CVSS Base Score : 4.9
CVSS Temporal Score : 3.8
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 72337 ()

Bugtraq ID: 65286

CVE ID: CVE-2014-1213