F-Secure Security Bulletin FSC-2007-4
Denial of service vulnerability in F-Secure Policy Manager Server host module

Date issued: 2007-05-29
Last updated: 2007-05-29
Risk factor: Low (scale: Low/Medium/High/Critical)
Brief description: F-Secure Policy Manager Server has a denial of service vulnerability in the fsmsh.dll host module. This may allow an attacker to cause a denial of service in F-Secure Policy Manager Server.
Software: F-Secure Policy Manager Server
Affected versions: F-Secure Policy Manager Server version 7.00 and earlier
Affected platforms: All supported Windows versions
Bulletin location: http://www.f-secure.com/security/fsc-2007-4.shtml
Issue: An attacker may remotely cause denial of service in F-Secure Policy Manager Server by using NTFS reserved words as URL filenames.

Products: F-Secure Policy Manager Server 7.00
F-Secure Policy Manager Server 6.xx
F-Secure Policy Manager Server 5.xx
Risk Factor: Low

These products contain the vulnerability, but because the product is always installed on an internal company local area network and is not available through the public Internet, the risk factor is low.
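A request-path check for the condition described under "Issue", usable at a reverse proxy or when reviewing access logs. This is an added example, not F-Secure's code or the hotfix's logic. It assumes "NTFS reserved words" means the Windows reserved device names (CON, PRN, AUX, NUL, COM0-COM9, LPT0-LPT9), which the bulletin does not enumerate; the function name and sample paths are constructed.

```python
import re
from urllib.parse import unquote

# Windows reserved device names. Assumption: these are the "NTFS reserved
# words" the bulletin refers to; the bulletin itself does not list them.
_RESERVED = re.compile(r"^(?:CON|PRN|AUX|NUL|COM[0-9]|LPT[0-9])$", re.IGNORECASE)


def reserved_segments(url_path):
    """Return the URL path segments that Windows would resolve to a device."""
    # Only the path is mapped to a file; drop query string and fragment.
    path = re.split(r"[?#]", url_path, maxsplit=1)[0]
    # Decode percent-encoding a bounded number of times to catch double encoding.
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    hits = []
    for segment in re.split(r"[/\\]", path):
        # Windows ignores trailing dots and spaces, and anything after the
        # first '.' or ':' when matching device names ("NUL.txt", "com1:").
        base = re.split(r"[.:]", segment.rstrip(" ."), maxsplit=1)[0].rstrip(" ")
        if _RESERVED.match(base):
            hits.append(segment)
    return hits


if __name__ == "__main__":
    # Constructed sample request paths, not taken from the bulletin.
    samples = [
        "/files/AUX",
        "/a/%63on.txt?x=1",
        "/a/%2563om1:",
        "/docs/console.html",
        "/com10/readme.txt",
    ]
    for p in samples:
        found = reserved_segments(p)
        print("REJECT" if found else "ok    ", p, found)
```

Matching is on the name before the first dot or colon, so ordinary filenames that merely begin with a reserved word (such as `console.html`) pass.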


Patch availability:
| Product | Versions | Hotfix ID | Download |
|---|---|---|---|
| F-Secure Policy Manager Server | 5.xx - 7.00 | Upgrade to F-Secure Policy Manager Server 7.01 | http://www.f-secure.com/webclub/fspm.html |
| F-Secure Policy Manager Server | 5.70 - 7.00 | fspms-700-60x-570-hotfix2.zip | ftp://ftp.f-secure.com/support/hotfix/fspm/fspms-700-60x-570-hotfix2.zip |

Credits: F-Secure wants to thank David Maciejak for reporting this issue.

Revision History: FSC-2007-4 - 2007-05-29

Contact Information:
Support: http://support.f-secure.com/enu/home/contactus/
Security: http://www.f-secure.com/security/
URL: http://www.f-secure.com/