Finnish security firm F-Secure Corp. is urging users to apply a patch that fixes a "critical" security hole in many of its antivirus products. An attacker could exploit the flaw to launch malicious code.
"We urge all affected users to apply the patch before some clown virus-writer tries to exploit it," Mikko Hypponen, F-Secure's director of AV research, said in a Web site message. "This hole is related to a bug in our routine that unpacks ARJ archive files. The bug would allow an attacker to execute code when his ARJ file is scanned."
ARJ is an archiving program created by Robert Jung for IBM-compatible computers. The letters stand for "Archive Robert Jung." ARJ compresses files to save storage space and speed transmission when moved from one computer to another.
According to F-Secure's advisory, it's possible to create specially crafted ARJ archives that cause a buffer overflow. "This allows an attacker to execute code of his choice on the target system."
The following F-Secure products are affected:
- Anti-Virus for Workstation version 5.43 and earlier
- Anti-Virus for Windows Servers version 5.50 and earlier
- Anti-Virus for Citrix Servers version 5.50
- Anti-Virus for MIMEsweeper version 5.51 and earlier
- Anti-Virus Client Security version 5.55 and earlier
- Anti-Virus for MS Exchange version 6.31 and earlier
- Internet Gatekeeper version 6.41 and earlier
- Anti-Virus for Firewalls version 6.20 and earlier
- Internet Security 2004 and 2005
- Anti-Virus 2004 and 2005
- Solutions based on F-Secure Personal Express version 5.10 and earlier
- Anti-Virus for Linux Workstations version 4.52 and earlier
- Anti-Virus for Linux Servers version 4.61 and earlier
- Anti-Virus for Linux Gateways version 4.61 and earlier
- Anti-Virus for Samba Servers version 4.60
- Anti-Virus Linux Client Security 5.01 and earlier
- Anti-Virus Linux Server Security 5.01 and earlier
- Internet Gatekeeper for Linux 2.06
The magnitude of the vulnerability varies from one product to the next and is outlined in more detail in the advisory.