Security Advisories

FSC-2006-1: CODE EXECUTION VULNERABILITY IN ZIP AND RAR ARCHIVE HANDLING

Description

A structure exception handler (SEH) overwrite vulnerability in a DLL file associated with several products could be exploited under specific circumstances and may lead to remote code execution.

Affected Products


Risk LevelHIGH (Low/Medium/High/Critical)

  • F-Secure Anti-Virus 2010 and 2011
  • F-Secure Internet Security 2010 and 2011
  • Solutions based on F-Secure Protection Service for Consumers version 9
  • Solutions based on F-Secure Protection Service for Business - Workstation security version 9

Notes

These products are affected by the vulnerability, but the needed hotfix is distributed automatically by the update system. End users do not need to take any actions.

 

Platforms

All platforms supported by the affected products

 

Patch Available

Product Versions        Download
F-Secure Internet Security 2010 and 2011 Fix available in the automatic update channel. No user actions needed.
F-Secure Anti-Virus 2010 and 2011 Fix available in the automatic update channel. No user actions needed.
Solutions based on F-Secure Protection Service for Business - Workstation security 9 Fix available in the automatic update channel. No user actions needed.
Solutions based on F-Secure Protection Service for Consumers version 9 Fix available in the automatic update channel. No user actions needed.

Credits

F-Secure Corporation wants to thank Anil Aphale (aka 41.w4r10r) of Controlcase India Ltd for bringing this issue to our attention.

 

Date Issued: 2011-08-23
Last Updated: 2011-08-23

Get
Support

For documentation and product support,
visit our support site.

Learn More

F-Secure Community

Give advice. Get advice. Share the knowledge
on our free discussion forum.

Visit Now