Heap-based buffer overflow in the Sophos Antivirus Library, as used by Sophos Antivirus, PureMessage, MailMonitor, and other products, allows remote attackers to execute arbitrary code via a Visio file with a crafted sub record length.
https://exchange.xforce.ibmcloud.com/vulnerabilities/21608
http://www.sophos.com/support/knowledgebase/article/3409.html
http://www.securityfocus.com/bid/14362
http://www.rem0te.com/public/images/sophos.pdf