Security Advisories

FSC-2006-1: Code execution vulnerability in ZIP and RAR archive handling

Description

A structure exception handler (SEH) overwrite vulnerability in a DLL file associated with several products could be exploited under specific circumstances and may lead to remote code execution.

Affected Products

Risk LevelHIGH (Low/Medium/High/Critical)

  • F-Secure Anti-Virus 2010 and 2011
  • F-Secure Internet Security 2010 and 2011
  • Solutions based on F-Secure Protection Service for Consumers version 9
  • Solutions based on F-Secure Protection Service for Business - Workstation security version 9

Notes

These products are affected by the vulnerability, but the needed hotfix is distributed automatically by the update system. End users do not need to take any actions.

Platforms

  • All platforms supported by the affected products

Patch Available

Product Versions Download
F-Secure Internet Security 2010 and 2011 Fix available in the automatic update channel. No user actions needed.
F-Secure Anti-Virus 2010 and 2011 Fix available in the automatic update channel. No user actions needed.
Solutions based on F-Secure Protection Service for Business - Workstation security 9 Fix available in the automatic update channel. No user actions needed.
Solutions based on F-Secure Protection Service for Consumers version 9 Fix available in the automatic update channel. No user actions needed.

Credits

F-Secure Corporation wants to thank Anil Aphale (aka 41.w4r10r) of Controlcase India Ltd for bringing this issue to our attention.

Date Issued: 2011-08-23
Last Updated: 2011-08-23

Get Support

For documentation and product support, visit our Support site.

Go Support

F-Secure Community

Give advice. Get advice. Share the knowledge on our free discussion forum.

Go Community