Security Advisories

FSC-2010-4: Binary planting vulnerability

Description

Under certain circumstances, an attacker can trick the system into executing a binary file that has been planted on a disk resource that the computer can access.

Affected Products

Risk Level: HIGH (Low/Medium/High/Critical)

These products are affected by the vulnerability, but the needed hotfix is distributed automatically by the update system. End users do not need to take any actions.

  • Solutions based on F-Secure Protection Service for Consumers version 9
  • Solutions based on F-Secure Protection Service for Business - Workstation security version 9
  • Solutions based on F-Secure Protection Service for Business - Email and Server Security version 9
  • Solutions based on F-Secure Protection Service for Business - Server Security version 9
  • F-Secure Internet Security 2010 and 2011
  • F-Secure Anti-Virus 2010 and 2011

Risk Level: HIGH (Low/Medium/High/Critical)

These products are affected by the vulnerability. Administrators should download and apply the hotfixes listed below.

  • F-Secure Client Security 9.00-9.01
  • F-Secure Anti-Virus for Workstations 9.00-9.01
  • F-Secure Anti-Virus for Windows Servers 9.00
  • F-Secure Anti-Virus for Citrix Servers 9.00

Platforms

All platforms supported by the affected products.

Notes

F-Secure recommends that administrators of the affected systems patch or upgrade their systems.

Patch Available

Product Versions Download
Solutions based on F-Secure Protection Service for Consumers 9 Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled.
Solutions based on F-Secure Protection Service for Business - Workstation security 9 Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled.
Solutions based on F-Secure Protection Service for Business - Email and Server Security 9 Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled.
Solutions based on F-Secure Protection Service for Business - Server Security 9 Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled.
F-Secure Internet Security 2010 and 2011 Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled.
F-Secure Anti-Virus 2010 and 2011 Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled.
F-Secure Client Security 9.00-9.01 ftp://ftp.f-secure.com/support/hotfix/fsavcs/FSAVCS900-HF02-signed.fsfix (5065 KB)
ftp://ftp.f-secure.com/support/hotfix/fsavcs/FSAVCS900-HF02-signed.jar (5065 KB)
ftp://ftp.f-secure.com/support/hotfix/fsavcs/FSAVCS901-HF08-signed.fsfix (5065 KB)
ftp://ftp.f-secure.com/support/hotfix/fsavcs/FSAVCS901-HF08-signed.jar (5065 KB)
F-Secure Anti-Virus for Workstations 9.00-9.01 ftp://ftp.f-secure.com/support/hotfix/fsavcs/FSAVWKS900-HF01-signed.fsfix 5065 KB)
ftp://ftp.f-secure.com/support/hotfix/fsavcs/FSAVWKS900-HF01-signed.jar (5065 KB)
ftp://ftp.f-secure.com/support/hotfix/fsavcs/FSAVWKS901-HF03-signed.fsfix (5065 KB)
ftp://ftp.f-secure.com/support/hotfix/fsavcs/FSAVWKS901-HF03-signed.jar (5065 KB)
F-Secure Anti-Virus for Windows Servers 9.00 ftp://ftp.f-secure.com/support/hotfix/fsav-server/FSAVSRV900_HF08.fsfix (4953 KB)
ftp://ftp.f-secure.com/support/hotfix/fsav-server/FSAVSRV900_HF08.jar (4953 KB)
F-Secure Anti-Virus for Citrix Servers 9.00 ftp://ftp.f-secure.com/support/hotfix/fsav-server/FSAVSRV900_HF08.fsfix (4953 KB)
ftp://ftp.f-secure.com/support/hotfix/fsav-server/FSAVSRV900_HF08.jar (4953 KB)

Credits

F-Secure Corporation wants to thank Simon Raner of ACROS Security (http://www.acrossecurity.com) for bringing this issue to our attention.

Date Issued: 2010-12-15
Last Updated: 2010-12-15

Get Support

For documentation and product support, visit our Support site.

Go Support

F-Secure Community

Give advice. Get advice. Share the knowledge on our free discussion forum.

Go Community