CVE-2014-1213

Name of the Vulnerable Software and Affected Versions Sophos Anti-Virus engine (SAVi) versions prior to 3.50.1 VDL 4.97G versions prior to 9.7.9 VDL 4.97G versions 10.0.x prior to 10.0.11 VDL 4.97G versions 10.3.x prior to 10.3.1

Description The issue allows local users to bypass anti-virus protection, cause a denial of service, or spoof messages by performing certain operations on mutexes or events, including DataUpdateRequest, MmfMutexSAV-****, MmfMutexSAV-Info, ReadyForUpdateSAV-****, ReadyForUpdateSAV-Info, SAV-****, SAV-Info, StateChange, SuspendedSAV-****, SuspendedSAV-Info, UpdateComplete, UpdateMutex, UpdateRequest, or SophosALMonSessionInstance. This can be demonstrated by triggering a ReadyForUpdateSAV event and modifying the UpdateComplete, UpdateMutex, and UpdateRequest objects.

Recommendations For Sophos Anti-Virus engine (SAVi) versions prior to 3.50.1, update to version 3.50.1 or later. For VDL 4.97G versions prior to 9.7.9, update to version 9.7.9 or later. For VDL 4.97G versions 10.0.x prior to 10.0.11, update to version 10.0.11 or later. For VDL 4.97G versions 10.3.x prior to 10.3.1, update to version 10.3.1 or later.