F-Secure Internet Security May Fail to Scan Certain ZIP and RAR Archives
|
|
SecurityTracker Alert ID: 1022172 |
|
SecurityTracker URL: http://securitytracker.com/id/1022172
|
|
CVE Reference:
CVE-2009-1782
(Links to External Site)
|
Updated: May 28 2009
|
Original Entry Date: May 6 2009
|
Impact:
Host/resource access via network, Modification of user information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 2009 and prior
|
Description:
A vulnerability was reported in F-Secure Internet Security. A user can create an archive that will bypass detection.
A remote user can create a specially crafted ZIP or RAR archive that, when processed by the target user or application, will will not be detected by the scanning engine.
F-Secure Client Security 8.0 and prior versions are also affected.
F-Secure Home Server Security 2009 is also affected.
Roger Mickael reported this vulnerability.
|
Impact:
A user can create an archive that will bypass detection.
|
Solution:
The vendor has issued a fix. A patch matrix is available in the F-Secure advisory.
The vendor's advisory is available at:
http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2009-1.html
|
Vendor URL: www.f-secure.com/en_EMEA/support/security-advisory/fsc-2009-1.html (Links to External Site)
|
Cause:
State error
|
Underlying OS:
Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 6 May 2009 15:20:14 -0400
Subject: F-Secure Anti-Virus, F-Secure Internet Gatekeeper, F-Secure Protection Service for Business, F-Secure Internet Security, F-Secure Client Security
|
http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2009-1.html
|
|
