



Security Advisory FSC-2008-2

Archive handling vulnerability

Date issued: 2008-03-17
Last updated: 2008-03-17
Risk level: Critical (Low/Medium/High/Critical)
Brief description: Specially crafted archives cause the product to malfunction, which may lead to unhandled exceptions that are visible as a product crash, a hang and possible remote code execution.
Affected platforms: All supported platforms

Clients

Products: F-Secure Internet Security 2008
F-Secure Internet Security 2007
F-Secure Internet Security 2007 Second Edition
F-Secure Internet Security 2006
F-Secure Anti-Virus 2008
F-Secure Anti-Virus 2007
F-Secure Anti-Virus 2007 Second Edition
F-Secure Anti-Virus 2006
F-Secure Client Security 7.11 and earlier
F-Secure Anti-Virus Client Security 6.04 and earlier
F-Secure Anti-Virus for Workstations 7.11 and earlier
F-Secure Anti-Virus Linux Client Security 5.54 and earlier
F-Secure Anti-Virus for Linux 4.65 and earlier
Solutions based on F-Secure Protection Service for Consumers version 7.00 and earlier
Solutions based on F-Secure Protection Service for Business version 3.10 and earlier
F-Secure Mobile Anti-Virus for S60 2nd edition
F-Secure Mobile Anti-Virus for Windows Mobile 2003/5.0/6
F-Secure Mobile Security for Series 80
 
Risk level: Critical
  • These specially crafted malformed archives cause unhandled exceptions that have various effects.


Mitigating Factors:
  • Exploitation of these vulnerabilities requires specially crafted archives.
  • There are no known exploits at the moment of advisory release.


Servers

Products: F-Secure Anti-Virus for Windows Servers 7.01 and earlier
F-Secure Anti-Virus for Citrix Servers 7.00 and earlier
F-Secure Anti-Virus Linux Server Security 5.54 and earlier
 
Risk level: Critical
  • These specially crafted malformed archives cause unhandled exceptions that have various effects.


Mitigating Factors:
  • Exploitation of these vulnerabilities requires specially crafted archives.
  • There are no known exploits at the moment of advisory release.


Gateways

Products: F-Secure Anti-Virus for Microsoft Exchange 7.10 and earlier
F-Secure Internet Gatekeeper 6.61, Windows and earlier
F-Secure Internet Gatekeeper for Linux 2.16 and earlier
F-Secure Anti-Virus for MIMEsweeper 5.61 and earlier
F-Secure Messaging Security Gateway 4.0.7 and earlier
 
Risk level: Critical
  • These specially crafted malformed archives cause unhandled exceptions that have various effects.


Mitigating Factors:
  • Exploitation of these vulnerabilities requires specially crafted archives.
  • There are no known exploits at the moment of advisory release.


Advisory location: http://www.f-secure.com/support/security-advisory/fsc-2008-2.html

Available patches:

Product | Versions | Download
F-Secure Client Security | 7.10, 7.11 | ftp://ftp.f-secure.com/support/hotfix/fsavcs/fsav742-02-signed.fsfix
F-Secure Anti-Virus Client Security | 6.03, 6.04 | ftp://ftp.f-secure.com/support/hotfix/fsavcs/fsavwk606-01-signed.fsfix
F-Secure Anti-Virus for Workstations | 7.10, 7.11 | ftp://ftp.f-secure.com/support/hotfix/fsav/fsav742-02-signed.fsfix
F-Secure Anti-Virus for Windows Servers | 7.00, 7.01 | ftp://ftp.f-secure.com/support/hotfix/fsav-server/fsav721-01-signed.fsfix
F-Secure Anti-Virus for Citrix Servers | 7.00 | ftp://ftp.f-secure.com/support/hotfix/fsav-server/fsav721-01-signed.fsfix
F-Secure Anti-Virus for Citrix Servers | 5.52 | ftp://ftp.f-secure.com/support/hotfix/fsav-server/fsavsr552-15-signed.fsfix
F-Secure Linux Client Security | 5.53 | http://www.f-secure.com/webclub/fscsl.html
F-Secure Linux Client Security | 5.54 | http://www.f-secure.com/webclub/fscsl.html
F-Secure Linux Server Security | 5.53 | http://www.f-secure.com/webclub/fsssl.html
F-Secure Linux Server Security | 5.54 | http://www.f-secure.com/webclub/fsssl.html
F-Secure Anti-Virus for Linux Gateways | 4.65 | http://www.f-secure.com/webclub/fsavgwl.html
F-Secure Anti-Virus for Microsoft Exchange | 6.62 | ftp://ftp.f-secure.com/support/hotfix/fsav-mse/fsavmse662-05.zip
F-Secure Anti-Virus for Microsoft Exchange | 7.00 | ftp://ftp.f-secure.com/support/hotfix/fsav-mse/fsavmse700-02.zip
F-Secure Anti-Virus for Microsoft Exchange | 7.10 | ftp://ftp.f-secure.com/support/hotfix/fsav-mse/fsavmse710-01.zip
F-Secure Internet Gatekeeper | 6.61 | ftp://ftp.f-secure.com/support/hotfix/fsig/fsigk661-02.zip
F-Secure Internet Gatekeeper for Linux | 2.16 | http://www.f-secure.com/webclub/fsigkl.html
F-Secure Anti-Virus for MIMEsweeper | 5.61 | ftp://ftp.f-secure.com/support/hotfix/fsav-msw/fsavsr552-15-signed.fsfix
F-Secure Messaging Security Gateway | 4.0.6, 4.0.7 | Packages will be available in the update channel, and installed automatically.
Protection Services For Consumers | 7.00 and earlier | Packages will be available in the update channel, and installed automatically.
Protection Services For Businesses | 3 | Packages will be available in the update channel, and installed automatically.
F-Secure Internet Security | 2006, 2007, 2007 v.7.02, 2008 | Packages will be available in the update channel, and installed automatically.
F-Secure Mobile Anti-Virus for S60 2nd edition | | Packages will be available in the update channel, and installed automatically.
F-Secure Mobile Anti-Virus for Windows Mobile 2003/5.0/6 | | Packages will be available in the update channel, and installed automatically.
F-Secure Mobile Security for Series 80 | | Packages will be available in the update channel, and installed automatically.

Credits: F-Secure wants to thank University of Oulu for submitting these issues.
Revision history: FSC-2008-03-17

Contact information:
Support: http://www.f-secure.com/en_UK/support/