Critical flaw affects F-Secure products

Article

Critical flaw affects F-Secure products

Finnish security firm F-Secure Corp. is urging users to apply a patch that fixes a "critical" security hole in many of its antivirus products. An attacker could exploit the flaw to launch malicious code.

"We urge all affected users to apply the patch before some clown virus-writer tries to exploit it," Mikko Hypponen, F-Secure's director of AV research, said in a Web site message. "This hole is related to a bug in our routine that unpacks ARJ archive files. The bug would allow an attacker to execute code when his ARJ file is scanned."

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

More security product news this week

Major flaw affects multiple Symantec products

Microsoft issues critical fixes

ARJ is an archiving program created by Robert Jung for IBM-compatible computers. The letters stand for "Archive Robert Jung." ARJ compresses files to save storage space and speed transmission when moved from one computer to another.

According to F-Secure's advisory, it's possible to create specially crafted ARJ archives that cause a buffer overflow. "This allows an attacker to execute code of his choice on the target system."

The following F-Secure products are affected:

  • Anti-Virus for Workstation version 5.43 and earlier
  • Anti-Virus for Windows Servers version 5.50 and earlier
  • Anti-Virus for Citrix Servers version 5.50
  • Anti-Virus for MIMEsweeper version 5.51 and earlier
  • Anti-Virus Client Security version 5.55 and earlier
  • Anti-Virus for MS Exchange version 6.31 and earlier
  • Internet Gatekeeper version 6.41 and earlier
  • Anti-Virus for Firewalls version 6.20 and earlier
  • Internet Security 2004 and 2005
  • Anti-Virus 2004 and 2005
  • Solutions based on F-Secure Personal Express version 5.10 and earlier
  • Anti-Virus for Linux Workstations version 4.52 and earlier
  • Anti-Virus for Linux Servers version 4.61 and earlier
  • Anti-Virus for Linux Gateways version 4.61 and earlier
  • Anti-Virus for Samba Servers version 4.60
  • Anti-Virus Linux Client Security 5.01 and earlier
  • Anti-Virus Linux Server Security 5.01 and earlier
  • Internet Gatekeeper for Linux 2.06

The magnitude of the vulnerability varies from one product to the next and is outlined in more detail in the advisory.