Flaws affect F-Secure AV products

Bill Brenner

Attackers could exploit flaws in a variety of F-Secure Corp. products to escape detection, cause a denial of service or launch malicious code, the Finnish AV vendor said in an advisory Thursday. But fixes are available.

"Specially crafted .zip archives may be used to execute code on affected systems," F-Secure said. "Both .rar and .zip archives can in addition be crafted to avoid successful scanning and obfuscate malicious code in the archive."

A number of the company's antivirus products for Microsoft Windows and Linux platforms are affected, including:

  • F-Secure Anti-Virus for Workstation version 5.44 and earlier
  • F-Secure Anti-Virus for Windows Servers version 5.52 and earlier
  • F-Secure Anti-Virus for Citrix Servers version 5.52
  • F-Secure Anti-Virus for MIMEsweeper version 5.61 and earlier
  • F-Secure Anti-Virus Client Security version 6.01 and earlier
  • F-Secure Anti-Virus for MS Exchange version 6.40 and earlier
  • F-Secure Internet Gatekeeper version 6.42 and earlier
  • F-Secure Anti-Virus for Firewalls version 6.20 and earlier
  • F-Secure Internet Security 2004, 2005 and 2006
  • F-Secure Anti-Virus 2004, 2005 and 2006
  • Solutions based on F-Secure Personal Express version 6.20 and earlier
  • F-Secure Anti-Virus for Linux Workstations version 4.52 and earlier
  • F-Secure Anti-Virus for Linux Servers version 4.64 and earlier
  • F-Secure Anti-Virus for Linux Gateways version 4.64 and earlier
  • F-Secure Anti-Virus for Samba Servers version 4.62
  • F-Secure Anti-Virus Linux Client Security 5.11 and earlier
  • F-Secure Anti-Virus Linux Server Security 5.11 and earlier
  • F-Secure Internet Gatekeeper for Linux 2.14 and earlier

The advisory includes a patch matrix for these products.

Danish vulnerability clearinghouse Secunia rated the flaws "highly critical" in its advisory, saying they could "be exploited by malware to bypass detection or malicious people to compromise a vulnerable system."

Secunia described the flaws as a boundary error in the handling of .zip archives, which attackers could exploit via a specially crafted .zip archive to cause a buffer overflow and execute arbitrary code; and an error in the scanning functionality when processing .rar and .zip archives, which can be exploited to prevent malware from being detected.
