Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Product Security

FSC-2008-2: Archive Handling Vulnerability

 

Brief Description

Specially crafted archives cause product malfunction that may lead to unhandled exceptions that are visible as product crash, hang and possible remote code execution.

Affected Platforms   

All supported platforms
 

Products

Clients

Risk Level: CRITICAL(Low/Medium/High/Critical)

•  F-Secure Internet Security 2008
•  F-Secure Internet Security 2007
•  F-Secure Internet Security 2007 Second Edition
•  F-Secure Internet Security 2006
•  F-Secure Anti-Virus 2008
•  F-Secure Anti-Virus 2007
•  F-Secure Anti-Virus 2007 Second Edition
•  F-Secure Anti-Virus 2006
•  F-Secure Client Security 7.11 and earlier
•  F-Secure Anti-Virus Client Security 6.04 and earlier
•  F-Secure Anti-Virus for Workstations 7.11 and earlier
•  F-Secure Anti-Virus Linux Client Security 5.54 and earlier
•  F-Secure Anti-Virus for Linux 4.65 and earlier
•  Solutions based on F-Secure Protection Service for Consumers version 7.00 and earlier
•  Solutions based on F-Secure Protection Service for Business version 3.10 and earlier
•  F-Secure Mobile Anti-Virus for S60 2nd edition
•  F-Secure Mobile Anti-Virus for Windows Mobile 2003/5.0/6
•  F-Secure Mobile Security for Series 80
•  F-Secure Internet Security 2010 and 2011
•  F-Secure Anti-Virus 2010 and 2011

 

Servers

Risk Level: CRITICAL(Low/Medium/High/Critical)

•  F-Secure Anti-Virus for Windows Servers 7.01 and earlier
•  F-Secure Anti-Virus for Citrix Servers 7.00 and earlier
•  F-Secure Anti-Virus Linux Server Security 5.54 and earlier

 

Gateways

Risk Level: CRITICAL(Low/Medium/High/Critical)

•  F-Secure Anti-Virus for Microsoft Exchange 7.10 and earlier
•  F-Secure Internet Gatekeeper 6.61, Windows and earlier
•  F-Secure Internet Gatekeeper for Linux 2.16 and earlier
•  F-Secure Anti-Virus for MIMEsweeper 5.61 and earlier
•  F-Secure Messaging Security Gateway 4.0.7 and earlier
 

Mitigating Factors

These specially crafted malformed archives cause unhandled exceptions that have various effects. Exploitation of these vulnerabilities requires specially crafted archives. There are no known exploits at the moment of advisory release.

Credit

F-Secure wants to thank University of Oulu for submitting these issues.

Patch Available

Product Versions Download
F-Secure Client Security 7.10
7.11
ftp://ftp.f-secure.com/support/hotfix/fsavcs/fsav742-02-signed.fsfix
F-Secure Anti-Virus Client Security 6.03
6.04
ftp://ftp.f-secure.com/support/hotfix/fsavcs/fsavwk606-01- signed.fsfix
F-Secure Anti-Virus for Workstations 7.10
7.11
ftp://ftp.f-secure.com/support/hotfix/fsav/fsav742-02-signed.fsfix
F-Secure Anti-Virus for Windows Servers 7.00
7.01
ftp://ftp.f-secure.com/support/hotfix/fsav-server/fsav721-01- signed.fsfix
F-Secure Anti-Virus for Citrix Servers 7.00 ftp://ftp.f-secure.com/support/hotfix/fsav-server/fsav721-01-signed.fsfix
F-Secure Anti-Virus for Citrix Servers 5.52 ftp://ftp.f-secure.com/support/hotfix/fsav-server/fsavsr552-15-signed.fsfix
F-Secure Linux Client Security 5.53 http://www.f- secure.com/webclub/fscsl.html
F-Secure Linux Client Security 5.54 http://www.f- secure.com/webclub/fscsl.html
F-Secure Linux Server Security 5.53 http://www.f- secure.com/webclub/fsssl.html
F-Secure Linux Server Security 5.54 http://www.f- secure.com/webclub/fsssl.html
F-Secure Anti-Virus for Linux Gateways 4.65 http://www.f- secure.com/webclub/fsavgwl.html
F-Secure Anti-Virus for Microsoft Exchange 6.62 ftp://ftp.f- secure.com/support/hotfix/fsav-mse/fsavmse662-05.zip
F-Secure Anti-Virus for Microsoft Exchange 7.00 ftp://ftp.f- secure.com/support/hotfix/fsav-mse/fsavmse700-02.zip
F-Secure Anti-Virus for Microsoft Exchange 7.10 ftp://ftp.f- secure.com/support/hotfix/fsav-mse/fsavmse710-01.zip
F-Secure Internet Gatekeeper 6.61 ftp://ftp.f-secure.com/support/hotfix/fsig/fsigk661-02.zip
F-Secure Internet Gatekeeper for Linux 2.16 http://www.f- secure.com/webclub/fsigkl.html
F-Secure Anti-Virus for MIMEsweeper 5.61 ftp://ftp.f-secure.com/support/hotfix/fsav-msw/fsavsr552-15-signed.fsfix
F-Secure Messaging Security Gateway 4.0.6
4.0.7
Packages will be available in the update channel, and installed automatically.
Protection Services For Consumers 7.00 and earlier Packages will be available in the update channel, and installed automatically.
Protection Services For Businesses 3 Packages will be available in the update channel, and installed automatically.
F-Secure Internet Security 2006,
2007,
2007 v.7.02,
2008
Packages will be available in the update channel, and installed automatically.
F-Secure Mobile Anti-Virus for S60 2nd edition   Packages will be available in the update channel, and installed automatically.
F-Secure Mobile Anti-Virus for Windows Mobile 2003/5.0/6   Packages will be available in the update channel, and installed automatically.
F-Secure Mobile Security for Series 80   Packages will be available in the update channel, and installed automatically.

Date Issued: 2008-03-17
Last Updated: 2008-03-17

Get Support online

For documentation and product support, visit our Support site.

 

F-Secure Community

 
Give advice. Get advice. Share the knowledge on our free discussion forum.