We've today released security bulletin FSC-2006-3 which covers a buffer overflow vulnerability in the web console of two of our products: F-Secure Anti-Virus for Microsoft Exchange 6.40 and F-Secure Internet Gatekeeper 6.50, 6.42, 6.41, 6.40.

If you're running these products, please read our bulletin and apply the patch. Do note that by default the web console does not allow connections from other hosts, limiting the scope of this vulnerability.

We're not aware of any known exploit code that would exploit this vulnerability. But patch anyway.