SecurityTracker.com Archives - F-Secure Anti-Virus Unhandled Exception in Processing Archives Lets Remote Users Execute Arbitrary Code

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us | Help |

SecurityTracker
Archives

Click to Sign Up

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Sign Up!

Category: Application (Security) > F-Secure Anti-Virus

Vendors: F-Secure

F-Secure Anti-Virus Unhandled Exception in Processing Archives Lets Remote Users Execute Arbitrary Code

SecurityTracker Alert ID: 1019620

SecurityTracker URL: http://securitytracker.com/id?1019620

CVE Reference: CVE-2008-1412 (Links to External Site)

Updated: Mar 26 2008

Original Entry Date: Mar 17 2008

Impact: Execution of arbitrary code via network, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): 2006, 2007, 2007 Second Edition, 2008

Description: A vulnerability was reported in F-Secure Anti-Virus. A remote user can cause arbitrary code to be executed on the target system.

A remote user can create a specially crafted archive that, when processed by the target application, will trigger an unhandled exception and cause the service to crash or potentially execute arbitrary code on the target system.

Several product versions are affected, including the following:

F-Secure Anti-Virus Client Security 6.04 and prior
F-Secure Anti-Virus for Workstations 7.11 and prior
F-Secure Anti-Virus Linux Client Security 5.54 and prior
F-Secure Anti-Virus for Linux 4.65 and prior
F-Secure Anti-Virus for Windows Servers 7.01 and prior
F-Secure Anti-Virus for Citrix Servers 7.00 and prior
F-Secure Anti-Virus Linux Server Security 5.54 and prior
F-Secure Anti-Virus for Microsoft Exchange 7.10 and prior
F-Secure Anti-Virus for MIMEsweeper 5.61 and prior
F-Secure Mobile Anti-Virus for S60 2nd edition
F-Secure Mobile Anti-Virus for Windows Mobile 2003/5.0/6

University of Oulu reported this vulnerability.

Impact: A remote user can create a file that, when loaded by the target application, will execute arbitrary code on the target system.

Solution: The vendor has issued a fix. A patch matrix is available in the vendor's advisory.

The vendor's advisory is available at:

http://www.f-secure.com/security/fsc-2008-2.shtml

Vendor URL: www.f-secure.com/security/fsc-2008-2.shtml (Links to External Site)

Cause: Exception handling error

Underlying OS: Linux (Any), Windows (Any)

Message History: None.

Source Message Contents

Date: Mon, 17 Mar 2008 11:54:00 -0500
Subject: F-Secure Anti-Virus

 
 
http://www.f-secure.com/security/fsc-2008-2.shtml

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us | Help
Copyright 2007, SecurityGlobal.net LLC