Security researcher Tavis Ormandy discovered critical vulnerabilities in the antivirus product developed by U.K.-based security firm Sophos. He advised organizations to avoid using the product on critical systems unless the vendor improves its product development, quality assurance and security response practices. The paper contains details about several vulnerabilities in Sophos antivirus code responsible for parsing Visual Basic 6, PDF, CAB and RAR files. Some of these flaws can be attacked remotely and can result in the execution of arbitrary code on the system.”]