Cisco IronPort Email Security Appliances (ESA) and Cisco IronPort Web Security Appliances (WSA) include versions of Sophos Anti-Virus that contain multiple vulnerabilities that could allow an unauthenticated, remote attacker to gain control of the system, escalate privileges, or cause a denial-of-service (DoS) condition. An attacker could exploit these vulnerabilities by sending malformed files to an appliance that is running Sophos Anti-Virus. The malformed files could cause the Sophos antivirus engine to behave unexpectedly.
On November 13, 2012, Cisco qualified and provisioned a Sophos engine to the Cisco IronPort ESA and WSA update servers that fixes the vulnerabilities described in this document.
Future updates to the Sophos engine will be qualified and provisioned to the Cisco IronPort ESA and WSA update servers as they become available.
This advisory is available at the following link:
Cisco is not aware of any active exploitation affecting Cisco customers.