Security Advisories

FSC-2015-4: DLL Pre-loading attack in Online Scanner

Description

F-Secure Online Scanner is susceptible to a DLL pre-loading attack if the user is tricked into downloading a specially crafted DLL file.

Affected Products

Risk Level (Low/Medium/High/Critical): Low

  • F-Secure Online Scanner

Platforms

Risk Level (Low/Medium/High/Critical): Low

  • All supported platforms for the affected product

More Information

F-Secure Online Scanner is susceptible to a DLL pre-loading attack if a user is tricked into downloading an arbitrary DLL file that resides in the same folder as F-SecureOnlineScanner.exe. The identifier CVE-2015-8264 has been assigned to this issue.

Fix Available

Product Download
F-Secure Online Scanner Download the latest version from https://www.f-secure.com/en/web/home_global/online-scanner

 

Credits

F-Secure Corporation would like to thank Stefan Kanthak for bringing this issue to our attention.

Date Issued: 2015-12-17