Critical flaw affects F-Secure products

By Bill Brenner, News Writer 11 Feb 2005 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

Finnish security firm F-Secure Corp. is urging users to apply a patch that fixes a "critical" security hole in many of its antivirus products. An attacker could exploit the flaw to launch malicious code.

"We urge all affected users to apply the patch before some clown virus-writer tries to exploit it," Mikko Hypponen, F-Secure's director of AV research, said in a Web site message. "This hole is related to a bug in our routine that unpacks ARJ archive files. The bug would allow an attacker to execute code when his ARJ file is scanned."

More security product news this week Major flaw affects multiple Symantec products Microsoft issues critical fixes

ARJ is an archiving program created by Robert Jung for IBM-compatible computers. The letters stand for "Archive Robert Jung." ARJ compresses files to save storage space and speed transmission when moved from one computer to another.

According to F-Secure's advisory, it's possible to create specially crafted ARJ archives that cause a buffer overflow. "This allows an attacker to execute code of his choice on the target system."

The following F-Secure products are affected:

• Anti-Virus for Workstation version 5.43 and earlier
• Anti-Virus for Windows Servers version 5.50 and earlier
• Anti-Virus for Citrix Servers version 5.50
• Anti-Virus for MIMEsweeper version 5.51 and earlier
• Anti-Virus Client Security version 5.55 and earlier
• Anti-Virus for MS Exchange version 6.31 and earlier
• Internet Gatekeeper version 6.41 and earlier
• Anti-Virus for Firewalls version 6.20 and earlier
• Internet Security 2004 and 2005
• Anti-Virus 2004 and 2005
• Solutions based on F-Secure Personal Express version 5.10 and earlier
• Anti-Virus for Linux Workstations version 4.52 and earlier
• Anti-Virus for Linux Servers version 4.61 and earlier
• Anti-Virus for Linux Gateways version 4.61 and earlier
• Anti-Virus for Samba Servers version 4.60
• Anti-Virus Linux Client Security 5.01 and earlier
• Anti-Virus Linux Server Security 5.01 and earlier
• Internet Gatekeeper for Linux 2.06

The magnitude of the vulnerability varies from one product to the next and is outlined in more detail in the advisory.

Tags: Malware, Viruses, Trojans and Spyware,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Malware, Viruses, Trojans and Spyware iPhone worm Rickrolls jailbroken phones Israeli Mossad add Trojan Horse to Syrian laptop Schneier-Ranum Face-Off: Is antivirus dead? Modern malware, stealthy botnets, adapt quickly, expert says Computer worm infections up, scareware antivirus down, Microsoft says Web-based attacks skyrocket, pirating sites surge, security firms say Mini guide: How to remove and prevent Trojans, malware and spyware Kaspersky system analyzes malicious URLs on Twitter for malware Silon malware intercepts Internet Explorer sessions, steals credentials Breach forces payroll service provider PayChoice to shut down again

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) directory traversal  (SearchSecurity.com) government Trojan  (SearchSecurity.com) Kraken  (SearchSecurity.com) man in the browser  (SearchSecurity.com) polymorphic malware  (SearchSecurity.com) RAT (remote access Trojan)  (SearchSecurity.com) RavMonE virus  (SearchSecurity.com) RFID virus  (SearchSecurity.com) Rock Phish  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary