Some F-Secure products are affected by the following ZIP and RAR archive evasion vulnerability: malware inside specially crafted archive files remains undetected.
The vulnerability only affects the antivirus software’s ability to scan inside compressed archives. In general, compressed archives are scanned in gateway environments. In a typical configuration, on-access scanning does not scan inside compressed archives. Therefore, the vulnerability is insignificant in client environments.
Attackers can exploit the vulnerability by sending malware inside specially crafted compressed file archives to users. At the time of publishing the Security Advisory, there are no known exploits.
For more information about the vulnerability and links to related hotfixes, see F-Secure Security Advisory FSC-2009-1.