FSC-2011-3: SEH Overwrite Vulnerability in DLL File
Brief Description
A structure exception handler (SEH) overwrite vulnerability in a DLL file associated with several products could be exploited under specific circumstances and may lead to remote code execution.
Affected Platforms
All platforms supported by the affected products.
Products
Risk Level: HIGH (Low/Medium/High/Critical)
• F-Secure Anti-Virus 2010 and 2011
• F-Secure Internet Security 2010 and 2011
• Solutions based on F-Secure Protection Service for Consumers version 9
• Solutions based on F-Secure Protection Service for Business - Workstation security version 9
Notes
These products are affected by the vulnerability, but the needed hotfix is distributed automatically by the update system. End users do not need to take any actions.
Credit
F-Secure Corporation wants to thank Anil Aphale (aka 41.w4r10r) of Controlcase India Ltd for bringing this issue to our attention.
Patch Available
| Product | Versions | Download |
|---|---|---|
| F-Secure Internet Security | 2010 and 2011 | Fix available in the automatic update channel. No user actions needed. |
| F-Secure Anti-Virus | 2010 and 2011 | Fix available in the automatic update channel. No user actions needed. |
| Solutions based on F-Secure Protection Service for Business - Workstation security | 9 | Fix available in the automatic update channel. No user actions needed. |
| Solutions based on F-Secure Protection Service for Consumers version | 9 | Fix available in the automatic update channel. No user actions needed. |
Date Issued: 2011-08-23
Last Updated: 2011-08-23
