FSC-2014-5: Remote File System Access

Description

A vulnerability in the Online Safety and Browsing Protection features of certain F-Secure security products could allow an attacker to remotely read files on the user's file system. No attacks have been reported in the wild.
 

Affected Products



Risk Level: Critical (Low/Medium/High/Critical)

  • F-Secure Internet Security 2014
  • F-Secure Internet Security 2013
  • Safe Anywhere for PC 12.1 - 14.2
  • Client Security 10.0 - 11.51
  • Email and Server Security 10.00 - 11.00
  • Server Security 10.00 - 11.00
  • Protection Service for Business Workstation Security 10.00 - 10.10
  • Protection Service for Business Email and Server Security 10.00
  • Protection Service for Business Server Security 10.00

 

Platforms

  • All supported platforms for the affected products

 

Fix Available

Product Versions Download
F-Secure Internet Security 2013 - 2014

Fix is available in the automatic update channel.
In some cases, a system reboot may be required;
otherwise, no user actions are needed.

Safe Anywhere for PC 12.1 - 14.2

Fix is available in the automatic update channel.
In some cases, a system reboot may be required;
otherwise, no user actions are needed.

Client Security 10.00 - 11.51

Fix is available in the automatic update channel.
No user actions needed if automatic updates are enabled.

Email and Server Security 10.00 - 11.00

Fix is available in the automatic update channel.
No user actions needed if automatic updates are enabled.

Server Security 10.00 - 11.00

Fix is available in the automatic update channel.
No user actions needed if automatic updates are enabled.

Protection Service for Business Workstation Security 10.00 - 10.10

Fix is available in the automatic update channel.
No user actions needed if automatic updates are enabled.

Protection Service for Business Email and Server Security 10.00

Fix is available in the automatic update channel.
No user actions needed if automatic updates are enabled.

Protection Service for Business Server Security 10.00

Fix is available in the automatic update channel.
No user actions needed if automatic updates are enabled.

Credits

F-Secure Corporation would like to express its sincere gratitude to Juho Ranta, Henrik Kouri, Jani Manninen, Jussi-Pekka Erkkilä and Lauri Vehviläinen from 2NS – Second Nature Security for bringing this issue to our attention.

 

Advisory Changes

Date Changes
28th May First advisory published.
29th May Corrected version numbers for Client Security in Fix Available.
30th May Updated to include Server Security and Protection Service for Business Server Security.

 

Date Issued: 2014-05-28
Date Last Updated: 2014-05-30
