Security Advisories

FSC-2015-4: DLL Pre-loading attack in Online Scanner

Description

F-Secure Online Scanner is susceptible to a DLL pre-loading attack if the user is tricked into downloading a specially crafted DLL file.

Affected Products

  • Risk Level (Low/Medium/High/Cricital) Low
  • F-Secure Online Scanner

Platforms

  • Risk Level (Low/Medium/High/Cricital) Low
  • All supported platforms for the affected product

More Information

F-Secure Online Scanner is susceptible to a DLL pre-loading attack if a user is tricked into downloading an arbitrary DLL file that resides in the same folder as F-SecureOnlineScanner.exe. The identifier CVE-2015-8264 has been assigned to this issue.

Fix Available

Aenean eget nisl ex. Sed hendrerit ultrices lorem, a finibus neque venenatis consequat. Proin vel leo id felis tempor bibendum. Integer euismod auctor erat, at cursus lectus convallis quis. Maecenas sit amet blandit leo. Donec hendrerit hendrerit tempor.

 

Product Download
F-Secure Online Scanner Download the latest version from the F-Secure Online Scanner product page.

Credits

F-Secure Corporation would like to thank Stefan Kanthak for bringing this issue to our attention.

Date Issued: 2015-12-17