Security Advisories

FSC-2013-1: REMOTE CODE EXECUTION VULNERABILITY IN DLL COMPONENT

Description

A vulnerability in a legacy DLL component (an ActiveX control) shipped with certain F-Secure server products allows arbitrary connections to be made to the ODBC drivers when the control is instantiated from the Internet Explorer (IE) web browser. If the local server is running with local authentication, an attacker may be able to execute arbitrary SQL statements.

Risk Level: HIGH (Low/Medium/High/Critical)

Affected Products

•      F-Secure Anti-Virus for Microsoft Exchange Server 9.00 - 9.10
•      F-Secure Anti-Virus for Windows Servers 9.00
•      F-Secure Anti-Virus for Citrix Servers 9.00
•      F-Secure Email and Server Security 9.20
•      F-Secure Server Security 9.20
•      Solutions based on F-Secure Protection Service for Business Email and Server Security 9.20
•      Solutions based on F-Secure Protection Service for Business Server Security 9.20

Affected Platforms

•     All supported platforms

Mitigating Factors

Exploiting the vulnerability requires the IE web browser. On Windows Server 2003, the "IE Enhanced Security Configuration" option (which is enabled by default) must also be disabled. The local server must run with local authentication for the attacker to execute arbitrary SQL statements. No attacks have been reported in the wild.
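As an added example (not part of the F-Secure advisory or its products), the following PowerShell snippet reports whether IE Enhanced Security Configuration is enabled for administrators and for users on a Windows server, so an administrator can confirm that the mitigating factor above actually applies on a given host. The registry locations are the standard IE ESC component keys; the function name Get-IEEscStatus is this example's own. An "Enabled" result means the ESC mitigation is in place; "Disabled" means only the product hotfix protects the server.

```powershell
# Added example, not F-Secure code: report the IE Enhanced Security
# Configuration (IE ESC) state on this server. FSC-2013-1 lists IE ESC
# (on by default on Windows Server 2003) as a mitigating factor, so a
# "Disabled" result here means that mitigation is absent and the hotfix
# is the only protection.

# Standard IE ESC "Installed Components" keys; IsInstalled = 1 means enabled.
$escComponents = @{
    Administrators = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}'
    Users          = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}'
}

function Get-IEEscStatus {
    # Returns one object per group with IEESC = Enabled / Disabled / NotPresent.
    $result = @()
    foreach ($group in $escComponents.Keys) {
        $key = $escComponents[$group]
        if (Test-Path $key) {
            $props = Get-ItemProperty -Path $key -Name IsInstalled -ErrorAction SilentlyContinue
            if ($props -and $props.IsInstalled -eq 1) { $state = 'Enabled' } else { $state = 'Disabled' }
        } else {
            # Key absent: the IE ESC component is not installed (e.g. a client SKU).
            $state = 'NotPresent'
        }
        # New-Object rather than [PSCustomObject] so this also runs on PowerShell 2.0.
        $result += New-Object PSObject -Property @{ Group = $group; IEESC = $state; Key = $key }
    }
    return $result
}

$status = Get-IEEscStatus
$status | Select-Object Group, IEESC, Key | Format-Table -AutoSize

$adminEsc = $status | Where-Object { $_.Group -eq 'Administrators' }
if ($adminEsc.IEESC -ne 'Enabled') {
    Write-Warning 'IE ESC is not enabled for Administrators: the ESC mitigating factor from FSC-2013-1 does not apply on this host. Apply the product hotfix.'
}
```

Run it in an elevated PowerShell session on each affected server. IE ESC being enabled only raises the bar for the browser-driven exploit path; it does not fix the vulnerable component, so the hotfix for the installed product should still be applied.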

Credit

F-Secure Corporation would like to thank Andrea Micalizzi (aka rgod) and HP's Zero Day Initiative (ZDI) for reporting the issue.

Hotfix Downloads

Each entry lists the product and versions followed by the download locations for the fix.

•      F-Secure Anti-Virus for Microsoft Exchange Server 9.00 - 9.10
       ftp://ftp.f-secure.com/support/hotfix/fsav-mse/FSAVMSE910-HF02.fsfix
       ftp://ftp.f-secure.com/support/hotfix/fsav-mse/FSAVMSE910-HF02.jar
•      F-Secure Anti-Virus for Windows Servers 9.00
       ftp://ftp.f-secure.com/support/hotfix/fsav-server/FSAVSRV900_HF09.fsfix
       ftp://ftp.f-secure.com/support/hotfix/fsav-server/FSAVSRV900_HF09.jar
•      F-Secure Anti-Virus for Citrix Servers 9.00
       ftp://ftp.f-secure.com/support/hotfix/fsav-server/FSAVSRV900_HF09.fsfix
       ftp://ftp.f-secure.com/support/hotfix/fsav-server/FSAVSRV900_HF09.jar
•      F-Secure Email and Server Security 9.20
       ftp://ftp.f-secure.com/support/hotfix/fsss/FSESS920-HF01.fsfix
       ftp://ftp.f-secure.com/support/hotfix/fsss/FSESS920-HF01.jar
•      F-Secure Server Security 9.20
       ftp://ftp.f-secure.com/support/hotfix/fsss/FSSS920-HF01.fsfix
       ftp://ftp.f-secure.com/support/hotfix/fsss/FSSS920-HF01.jar
•      Solutions based on F-Secure Protection Service for Business (PSB) Email and Server Security 9.20
       Fix available in the automatic update channel. No user action needed.
•      Solutions based on F-Secure Protection Service for Business (PSB) Server Security 9.20
       Fix available in the automatic update channel. No user action needed.

Date Issued: 2013-04-24
Last Updated: 2013-04-24
