Skip to main content

F-Secure Products Archive Handling Code Execution Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 18 Mar 2008 4378 Views

RISK: Medium Risk

Multiple vulnerabilities have been identified in various F-Secure products, which could be exploited by attackers or malware to cause a denial of service or take complete control of an affected system. These issues are caused by memory corruption errors when processing malformed archives, which could be exploited to crash an affected application or execute arbitrary code via a specially crafted archive.


Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • F-Secure Internet Security 2008
  • F-Secure Internet Security 2007
  • F-Secure Internet Security 2007 Second Edition
  • F-Secure Internet Security 2006
  • F-Secure Anti-Virus 2008
  • F-Secure Anti-Virus 2007
  • F-Secure Anti-Virus 2007 Second Edition
  • F-Secure Anti-Virus 2006
  • F-Secure Client Security 7.11 and prior
  • F-Secure Anti-Virus Client Security 6.04 and prior
  • F-Secure Anti-Virus for Workstations 7.11 and prior
  • F-Secure Anti-Virus Linux Client Security 5.54 and prior
  • F-Secure Anti-Virus for Linux 4.65 and prior
  • Solutions based on F-Secure Protection Service for Consumers version 7.00 and prior
  • Solutions based on F-Secure Protection Service for Business version 3.10 and prior
  • F-Secure Mobile Anti-Virus for S60 2nd edition
  • F-Secure Mobile Anti-Virus for Windows Mobile 2003/5.0/6
  • F-Secure Mobile Security for Series 80 RealPlayer version 11.0.1 (build 6.0.14.794) including rmoc3260.dll version 6.0.10.45

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Apply patches :
http://www.f-secure.com/security/fsc-2008-2.shtml


Vulnerability Identifier

  • No CVE information is available

Source


Related Link