F-Secure Internet Security May Fail to Detect Malware in Various Archive Format Files
|
|
SecurityTracker Alert ID: 1023843 |
|
SecurityTracker URL: http://securitytracker.com/id/1023843
|
|
CVE Reference:
CVE-2010-1425
(Links to External Site)
|
Updated: Apr 20 2010
|
Original Entry Date: Apr 12 2010
|
Impact:
Host/resource access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 2010 and prior versions
|
Description:
A vulnerability was reported in F-Secure Internet Security. A remote user can bypass the anti-virus detection.
A remote user can create a specially crafted archive file containing malware that, when scanned by the target anti-virus engine, will not detect the enclosed malware.
The 7Z, GZIP, CAB, RAR archive formats are affected.
ReversingLabs reported this vulnerability.
|
Impact:
A remote user can create content that will bypass the anti-virus detection mechanism.
|
Solution:
The vendor has issued a fix, available via the automatic update channel.
The vendor's advisory is available at:
http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-1.html
|
Vendor URL: www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-1.html (Links to External Site)
|
Cause:
State error
|
Underlying OS:
Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Mon, 12 Apr 2010 18:22:31 +0000
Subject: F-Secure Internet Security
|
http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-1.html
|
|
