FSC-2007-6: EXE & Packed File Scanning Vulnerabilities
Brief Description
Specially crafted archives and packed executables can bypass antivirus scanning.
Placing a specially crafted archive or packed executable into the system32 folder may allow an attacker to bypass F-Secure's antivirus.
Affected Platforms
Windows Server 2003 64-bit edition for x64 processors
Products
Risk Level: HIGH(Low/Medium/High/Critical)
F-Secure Anti-Virus for Windows Servers version 7.00
Mitigating Factors
Exploitation of the vulnerabilities requires specially crafted archives or packed executables. Issue only exists on 64-bit server platforms. There are no known exploits.
Credit
F-Secure wants to thank Mr Papadorotheoun for pinpointing this issue.
Patch Available
| Product | Versions | Download |
|---|---|---|
| F-Secure Anti-Virus for Windows Servers | 7.00 | ftp://ftp.f-secure.com/support/hotfix/fsav/fsav720-01-signed.fsfix |
Date Issued: 2007-09-27
Last Updated: 2007-09-27
2007 Security advisories
- FSC-2007-6: EXE & Packed File Scanning Vulnerabilities (2007-09-27)
- FSC-2007-5: Scan Bypass Vulnerabilities with LHA & RAR Archives (2007-06-19
- FSC-2007-4: Denial of Service Vulnerability in F-Secure Policy Manager Server host module (2007-05-30)
- FSC-2007-3: EXE & Packed File Scanning Vulnerabilities (2007-05-30)
- FSC-2007-2: IOCTL Vulnerability in Real-time Scanning Component (2007-05-30)
- FSC-2007-1: Buffer Overflow Vulnerability in Handling LHA Archives (2007-05-30)
