Critical flaw affects F-Secure products

By Bill Brenner, News Writer 11 Feb 2005 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

Finnish security firm F-Secure Corp. is urging users to apply a patch that fixes a "critical" security hole in many of its antivirus products. An attacker could exploit the flaw to launch malicious code.

"We urge all affected users to apply the patch before some clown virus-writer tries to exploit it," Mikko Hypponen, F-Secure's director of AV research, said in a Web site message. "This hole is related to a bug in our routine that unpacks ARJ archive files. The bug would allow an attacker to execute code when his ARJ file is scanned."

More security product news this week Major flaw affects multiple Symantec products Microsoft issues critical fixes

ARJ is an archiving program created by Robert Jung for IBM-compatible computers. The letters stand for "Archive Robert Jung." ARJ compresses files to save storage space and speed transmission when moved from one computer to another.

According to F-Secure's advisory, it's possible to create specially crafted ARJ archives that cause a buffer overflow. "This allows an attacker to execute code of his choice on the target system."

The following F-Secure products are affected:

• Anti-Virus for Workstation version 5.43 and earlier
• Anti-Virus for Windows Servers version 5.50 and earlier
• Anti-Virus for Citrix Servers version 5.50
• Anti-Virus for MIMEsweeper version 5.51 and earlier
• Anti-Virus Client Security version 5.55 and earlier
• Anti-Virus for MS Exchange version 6.31 and earlier
• Internet Gatekeeper version 6.41 and earlier
• Anti-Virus for Firewalls version 6.20 and earlier
• Internet Security 2004 and 2005
• Anti-Virus 2004 and 2005
• Solutions based on F-Secure Personal Express version 5.10 and earlier
• Anti-Virus for Linux Workstations version 4.52 and earlier
• Anti-Virus for Linux Servers version 4.61 and earlier
• Anti-Virus for Linux Gateways version 4.61 and earlier
• Anti-Virus for Samba Servers version 4.60
• Anti-Virus Linux Client Security 5.01 and earlier
• Anti-Virus Linux Server Security 5.01 and earlier
• Internet Gatekeeper for Linux 2.06

The magnitude of the vulnerability varies from one product to the next and is outlined in more detail in the advisory.

Tags: Malware, Viruses, Trojans and Spyware,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Malware, Viruses, Trojans and Spyware ISP shutdown latest cat-and-mouse game with hackers How to get rid of malware, botnets on a hospital IT network How can search results lead to malware? How to prevent mobile phone spying Should a national cybersecurity strategy include offensive botnets? How to defend against rogue DHCP server malware New Trojan stealing FTP credentials, attacking FTP websites Cybercriminals exploit Michael Jackson, Farrah Fawcett deaths When BIOS updates become malware attacks Antispyware buying guide for Indian enterprises

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) directory traversal  (SearchSecurity.com) government Trojan  (SearchSecurity.com) Kraken  (SearchSecurity.com) man in the browser  (SearchSecurity.com) polymorphic malware  (SearchSecurity.com) RavMonE virus  (SearchSecurity.com) RFID virus  (SearchSecurity.com) Rock Phish  (SearchSecurity.com) Zotob  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary