Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Product Security

FSC-2014-5: Remote File System Access

 

Brief Description

A vulnerability in the Online Safety and Browsing Protection features of certain F-Secure security products could allow an attacker to remotely read files on the user's file system. No attacks have been reported in the wild.

 

Products

Risk Level: Critical (Low/Medium/High/Critical)

  • F-Secure Internet Security 2014
  • F-Secure Internet Security 2013
  • Safe Anywhere for PC 12.1 - 14.2
  • Client Security 10.0 - 11.51
  • Email and Server Security 10.00 - 11.00
  • Server Security 10.00 - 11.00
  • Protection Service for Business Workstation Security 10.00 - 10.10
  • Protection Service for Business Email and Server Security 10.00
  • Protection Service for Business Server Security 10.00

 

Platforms

Risk Level: Critical (Low/Medium/High/Critical)

  • All supported platforms for the affected products

  

Fix Available

Product Versions        Download
F-Secure Internet Security 2013 - 2014 Fix is available in the automatic update channel. In some cases, a system reboot may be required; otherwise, no user actions are needed.
Safe Anywhere for PC 12.1 - 14.2 Fix is available in the automatic update channel. In some cases, a system reboot may be required; otherwise, no user actions are needed.
Client Security 10.00 - 11.51 Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled.
Email and Server Security 10.00 - 11.00 Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled.
Server Security 10.00 - 11.00 Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled.
Protection Service for Business Workstation Security 10.00 - 10.10 Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled.
Protection Service for Business Email and Server Security 10.00 Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled.
Protection Service for Business Server Security 10.00 Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled.

 

Credits

F-Secure Corporation would like to express its sincere gratitude to Juho Ranta, Henrik Kouri, Jani Manninen, Jussi-Pekka Erkkilä and Lauri Vehviläinen from 2NS – Second Nature Security for bringing this issue to our attention.

 

 

Advisory Changes

Date Changes
28th May First advisory published.
29th May  Corrected version numbers for Client Security in Fix Available.
30th May Updated to include Server Security and Protection Service for Business Server Security.

 

 

Date Issued: 2014-05-28
Date Last Updated: 2014-05-30

Get Support online

For documentation and product support, visit our Support site.