Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Product Security

FSC-2009-3: PDF Bypass Vulnerability

 

Brief Description

Malware inside specially crafted PDF files remain undetected.

Affected Platforms   

All supported platforms

Products

Risk Level: HIGH (Low/Medium/High/Critical)

•  F-Secure Internet Security 2009 and earlier
•  F-Secure Anti-Virus 2009 and earlier
•  F-Secure Home Server Security 2009
•  Solutions based on F-Secure Protection Service for Consumers version 8.00 and earlier
•  Solutions based on F-Secure Protection Service for Business - Workstation security version 8.00 and earlier
•  Solutions based on F-Secure Protection Service for Business - E-mail and Server security version 8.00 and earlier
•  F-Secure Client Security 8.01 and earlier F-Secure Anti-Virus for Workstations 8.0 and earlier
•  F-Secure Anti-Virus for Windows Servers 8.00 and earlier F-Secure Linux Security 7.02 and earlier
•  F-Secure Anti-Virus Linux Client Security 5.54 and earlier
•  F-Secure Anti-Virus Linux Server Security 5.54 and earlier
•  F-Secure Anti-Virus for Linux Servers 4.65
•  F-Secure Anti-Virus for Microsoft Exchange 8.00 and earlier
•  F-Secure Internet Gatekeeper for Windows 6.61 and earlier
•  F-Secure Internet Gatekeeper for Linux 3.02 and earlier
•  F-Secure Internet Gatekeeper for Linux Japanese 2.37 and earlier
•  F-Secure Anti-Virus for Citrix Servers 7.00 and earlier
•  F-Secure Anti-Virus for MIMEsweeper 5.61 and earlier

Notes

The vulnerability may cause malware in PDF files to remain undetected. Note that a fix for this vulnerability is available in the malware definition update channel. Manual actions are required only if the product is run with automatic updates disabled, or in an environment without connectivity to the public Internet. Administrators of such systems are urged to update the definition databases manually without delay.

Mitigating Factors

A fix for the problem has been distributed through the malware definition database update channel. This advisory only affects systems that, for some reason, are not updated automatically.

Credit

F-Secure want to thank Mr. Thierry Zoller from G-SEC (www.g-sec.lu) for reporting this issue.

Patch Available

Product Versions        Download
All affected products All versions Fix available in the update channel

Date Issued: 2009-10-29
Last Updated: 2009-10-29

Get Support online

For documentation and product support, visit our Support site.

 

F-Secure Community

 
Give advice. Get advice. Share the knowledge on our free discussion forum.