Security Advisories

FSC-2010-4: BINARY PLANTING VULNERABILITY

Description

Under certain circumstances, an attacker can trick the system into executing a binary file that has been planted on a disk resource that the computer can access.
 

Affected Products


Risk Level: HIGH (Low/Medium/High/Critical)

These products are affected by the vulnerability, but the needed hotfix is distributed automatically by the update system. End users do not need to take any actions.
  • Solutions based on F-Secure Protection Service for Consumers version 9
  • Solutions based on F-Secure Protection Service for Business - Workstation security version 9
  • Solutions based on F-Secure Protection Service for Business - Email and Server Security version 9
  • Solutions based on F-Secure Protection Service for Business - Server Security version 9
  • F-Secure Internet Security 2010 and 2011
  • F-Secure Anti-Virus 2010 and 2011

Risk Level: HIGH (Low/Medium/High/Critical)

These products are affected by the vulnerability. Administrators should download and apply the hotfixes listed below.
  • F-Secure Client Security 9.00-9.01
  • F-Secure Anti-Virus for Workstations 9.00-9.01
  • F-Secure Anti-Virus for Windows Servers 9.00
  • F-Secure Anti-Virus for Citrix Servers 9.00

 

Platforms

All platforms supported by the affected products.

 

Notes

F-Secure recommends that administrators of the affected systems patch or upgrade their systems.

 

Patch Available

Product Versions        Download
Solutions based on F-Secure Protection Service for Consumers 9 Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled.
Solutions based on F-Secure Protection Service for Business - Workstation security 9 Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled.
Solutions based on F-Secure Protection Service for Business - Email and Server Security 9 Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled.
Solutions based on F-Secure Protection Service for Business - Server Security 9 Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled.
F-Secure Internet Security 2010 and 2011 Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled.
F-Secure Anti-Virus 2010 and 2011 Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled.
F-Secure Client Security 9.00-9.01 ftp://ftp.f-secure.com/support/hotfix/fsavcs/FSAVCS900-HF02-signed.fsfix (5065 KB)
ftp://ftp.f-secure.com/support/hotfix/fsavcs/FSAVCS900-HF02-signed.jar (5065 KB)
ftp://ftp.f-secure.com/support/hotfix/fsavcs/FSAVCS901-HF08-signed.fsfix (5065 KB)
ftp://ftp.f-secure.com/support/hotfix/fsavcs/FSAVCS901-HF08-signed.jar (5065 KB)
F-Secure Anti-Virus for Workstations 9.00-9.01 ftp://ftp.f-secure.com/support/hotfix/fsavcs/FSAVWKS900-HF01-signed.fsfix 5065 KB)
ftp://ftp.f-secure.com/support/hotfix/fsavcs/FSAVWKS900-HF01-signed.jar (5065 KB)
ftp://ftp.f-secure.com/support/hotfix/fsavcs/FSAVWKS901-HF03-signed.fsfix (5065 KB)
ftp://ftp.f-secure.com/support/hotfix/fsavcs/FSAVWKS901-HF03-signed.jar (5065 KB)
F-Secure Anti-Virus for Windows Servers 9.00 ftp://ftp.f-secure.com/support/hotfix/fsav-server/FSAVSRV900_HF08.fsfix (4953 KB)
ftp://ftp.f-secure.com/support/hotfix/fsav-server/FSAVSRV900_HF08.jar (4953 KB)
F-Secure Anti-Virus for Citrix Servers 9.00 ftp://ftp.f-secure.com/support/hotfix/fsav-server/FSAVSRV900_HF08.fsfix (4953 KB)
ftp://ftp.f-secure.com/support/hotfix/fsav-server/FSAVSRV900_HF08.jar (4953 KB)

Credits

F-Secure Corporation wants to thank Simon Raner of ACROS Security (http://www.acrossecurity.com) for bringing this issue to our attention.

 

Date Issued: 2010-12-15
Last Updated: 2010-12-15

Get
Support

For documentation and product support,
visit our support site.

Learn More

F-Secure Community

Give advice. Get advice. Share the knowledge
on our free discussion forum.

Visit Now