Attackers could exploit flaws in a variety of F-Secure Corp. products to escape detection, cause a denial of service or launch malicious code, the Finnish AV vendor said in an advisory Thursday. But fixes are available.
"Specially crafted .zip archives may be used to execute code on affected systems," F-Secure said. "Both .rar and .zip archives can in addition be crafted to avoid successful scanning and obfuscate malicious code in the archive."
A number of the company's antivirus products for Microsoft Windows and Linux platforms are affected, including:
- F-Secure Anti-Virus for Workstation version 5.44 and earlier
- F-Secure Anti-Virus for Windows Servers version 5.52 and earlier
- F-Secure Anti-Virus for Citrix Servers version 5.52
- F-Secure Anti-Virus for MIMEsweeper version 5.61 and earlier
- F-Secure Anti-Virus Client Security version 6.01 and earlier
- F-Secure Anti-Virus for MS Exchange version 6.40 and earlier
- F-Secure Internet Gatekeeper version 6.42 and earlier
- F-Secure Anti-Virus for Firewalls version 6.20 and earlier
- F-Secure Internet Security 2004, 2005 and 2006
- F-Secure Anti-Virus 2004, 2005 and 2006
- Solutions based on F-Secure Personal Express version 6.20 and earlier
- F-Secure Anti-Virus for Linux Workstations version 4.52 and earlier
- F-Secure Anti-Virus for Linux Servers version 4.64 and earlier
- F-Secure Anti-Virus for Linux Gateways version 4.64 and earlier
- F-Secure Anti-Virus for Samba Servers version 4.62
- F-Secure Anti-Virus Linux Client Security 5.11 and earlier
- F-Secure Anti-Virus Linux Server Security 5.11 and earlier
- F-Secure Internet Gatekeeper for Linux 2.14 and earlier
The advisory includes a patch matrix for these products.
Danish vulnerability clearinghouse Secunia rated the flaws "highly critical" in its advisory, saying they could "be exploited by malware to bypass detection or malicious people to compromise a vulnerable system."
Secunia described the flaws as a boundary error in the handling of .zip archives, which attackers could exploit via a specially crafted .zip archive to cause a buffer overflow and execute arbitrary code, and an error in the scanning functionality when processing .rar and .zip archives that can be exploited to prevent malware from being detected.