

Product Security

FSC-2013-1: Remote code execution vulnerability in DLL component


Brief Description

A vulnerability in a legacy DLL component related to an ActiveX control, shipped in certain F-Secure server products, allows arbitrary connections to be made to the ODBC drivers when the Internet Explorer (IE) web browser is used. If the local server is running with local authentication, an attacker may be able to execute arbitrary SQL statements.

Affected Platforms

• All supported platforms

Products

Risk Level: HIGH (Low/Medium/High/Critical)

• F-Secure Anti-Virus for Microsoft Exchange Server 9.00 - 9.10
• F-Secure Anti-Virus for Windows Servers 9.00
• F-Secure Anti-Virus for Citrix Servers 9.00
• F-Secure Email and Server Security 9.20
• F-Secure Server Security 9.20
• Solutions based on F-Secure Protection Service for Business Email and Server Security 9.20
• Solutions based on F-Secure Protection Service for Business Server Security 9.20


Mitigating Factors

Exploiting the vulnerability requires use of the IE web browser. On Windows Server 2003 servers, the “IE Enhanced Security Configuration” option (which is enabled by default) must also be disabled. The local server must run with local authentication in order for the attacker to run arbitrary SQL statements. No attacks have been reported in the wild.
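The advisory names the "IE Enhanced Security Configuration" (IE ESC) setting as the mitigating factor on Windows Server 2003, so an administrator triaging affected hosts will want to know whether that mitigation is still in place before the hotfix lands. The following PowerShell check is an added example, not part of the F-Secure advisory or its products. It assumes a Windows host with PowerShell and reads the two documented Active Setup component entries that Windows uses to record the IE ESC state for the Administrators and Users groups; the function name Get-IEEnhancedSecurityState is my own.

```powershell
# Added example (not part of the F-Secure advisory): report whether IE Enhanced
# Security Configuration is enabled for Administrators and Users on this host.
# Assumption: Windows records IE ESC state in these two Active Setup component
# keys (IsInstalled = 1 means IE ESC is on for that group).
function Get-IEEnhancedSecurityState {
    [CmdletBinding()]
    param()

    $base = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components'
    $components = [ordered]@{
        Administrators = '{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}'
        Users          = '{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}'
    }

    foreach ($group in $components.Keys) {
        $path = Join-Path -Path $base -ChildPath $components[$group]

        if (-not (Test-Path -Path $path)) {
            # Key absent: this build has no IE ESC component (e.g. a client OS),
            # so the mitigation described in the advisory cannot be relied on.
            [pscustomobject]@{
                Group        = $group
                IEESCEnabled = $null
                Note         = 'IE ESC registry key not found'
            }
            continue
        }

        $isInstalled = (Get-ItemProperty -Path $path -Name IsInstalled `
                        -ErrorAction SilentlyContinue).IsInstalled
        $enabled = ($isInstalled -eq 1)
        if ($enabled) {
            $note = 'IE ESC enabled; mitigating factor in place'
        } else {
            $note = 'IE ESC disabled; prioritise the hotfix for this host'
        }

        [pscustomobject]@{
            Group        = $group
            IEESCEnabled = $enabled
            Note         = $note
        }
    }
}

# Usage: list the groups for which the mitigation is not confirmed.
Get-IEEnhancedSecurityState | Where-Object { $_.IEESCEnabled -ne $true }
```

IE ESC only raises the bar for the browser-based vector described above; the hotfixes listed under "Fix Available" are the actual fix, so hosts reported here with the mitigation off should simply be patched first rather than left as-is.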

Credit

F-Secure Corporation wants to thank Andrea Micalizzi (aka rgod) and HP’s Zero Day Initiative (ZDI) for reporting the issue.

Fix Available

Product Versions / Download

F-Secure Anti-Virus for Microsoft Exchange Server 9.00 - 9.10
  ftp://ftp.f-secure.com/support/hotfix/fsav-mse/FSAVMSE910-HF02.fsfix
  ftp://ftp.f-secure.com/support/hotfix/fsav-mse/FSAVMSE910-HF02.jar

F-Secure Anti-Virus for Windows Servers 9.00
  ftp://ftp.f-secure.com/support/hotfix/fsav-server/FSAVSRV900_HF09.fsfix
  ftp://ftp.f-secure.com/support/hotfix/fsav-server/FSAVSRV900_HF09.jar

F-Secure Anti-Virus for Citrix Servers 9.00
  ftp://ftp.f-secure.com/support/hotfix/fsav-server/FSAVSRV900_HF09.fsfix
  ftp://ftp.f-secure.com/support/hotfix/fsav-server/FSAVSRV900_HF09.jar

F-Secure Email and Server Security 9.20
  ftp://ftp.f-secure.com/support/hotfix/fsss/FSESS920-HF01.fsfix
  ftp://ftp.f-secure.com/support/hotfix/fsss/FSESS920-HF01.jar

F-Secure Server Security 9.20
  ftp://ftp.f-secure.com/support/hotfix/fsss/FSSS920-HF01.fsfix
  ftp://ftp.f-secure.com/support/hotfix/fsss/FSSS920-HF01.jar

Solutions based on F-Secure Protection Service for Business (PSB) Email and Server Security 9.20
  Fix available in the automatic update channel. No user action needed.

Solutions based on F-Secure Protection Service for Business (PSB) Server Security 9.20
  Fix available in the automatic update channel. No user action needed.


Date Issued: 2013-04-24
Last Updated: 2013-04-24
