Security Advisories

FSC-2018-2: Remote Code Execution in F-Secure Windows Endpoint Protection Products

Description

A memory handling error in F-Secure's file scanner implementation can lead to remote code execution in F-Secure Windows endpoint protection products.

Status: Resolved. A fix has been released through the automatic update channel. No user action is required if automatic update is enabled. 

Affected Products

Risk Level (Low/Medium/High/Critical): Critical

Consumer Products: 

  • F-Secure SAFE for Windows 

Corporate Products: 

  • F-Secure Client Security
  • F-Secure Client Security Premium
  • F-Secure Server Security
  • F-Secure Server Security Premium 
  • F-Secure PSB Server Security
  • F-Secure Email and Server Security
  • F-Secure Email and Server Security Premium
  • F-Secure PSB Email and Server Security
  • F-Secure PSB Workstation Security
  • F-Secure Computer Protection
  • F-Secure Computer Protection Premium

Platforms

  • Windows

More Information

A vulnerability affecting most F-Secure Windows endpoint protection products was discovered in which scanning a maliciously crafted RAR archive can lead to arbitrary code execution. The vulnerability can be exploited both locally, for privilege escalation, and remotely, if the local user is tricked into downloading a maliciously crafted archive. A successful attack results in the attacker gaining full control of the system.

This issue and a proof-of-concept exploit were reported privately to F-Secure as part of our Vulnerability Reward Program. No known attacks have been reported or observed in the wild.

 

Mitigating Factors

This issue has been fixed by our products' automatic update mechanisms. Users need to trigger an update manually only if automatic updates have been explicitly turned off.

In the products F-Secure Email and Server Security, F-Secure Email and Server Security Premium and F-Secure PSB Email Security, the email scanning part does not make use of the vulnerable component.

User interaction is required prior to successful exploitation. The product setting of "Scan inside compressed files (zip, arj, lzh, …)" must be enabled to trigger archive scanning.

F-Secure's products for Linux and Mac are not affected by this issue.

Fix Available

Fix Available for Consumer Products

| Product | Versions | Download |
|---|---|---|
| F-Secure SAFE for Windows | 17.2 | A fix has been released in the automatic update channel with the F-Secure Ultralight Core 2018-05-07_01 database since 22nd May 2018. No user action is required if automatic update is enabled. |

 

Fix Available for Corporate Products

| Product | Versions | Download |
|---|---|---|
| F-Secure Client Security and F-Secure Client Security Premium | 13.XX | A fix has been released in the automatic update channel with the F-Secure Ultralight Core 2018-05-07_01 database since 22nd May 2018. No user action is required if automatic update is enabled. |
| F-Secure Client Security and F-Secure Client Security Premium | 12.XX | A fix has been released in the automatic update channel with the F-Secure Scanner Manager 2018-05-22_01 database since 22nd May 2018. No user action is required if automatic update is enabled. |
| F-Secure Server Security and F-Secure Server Security Premium | 12.XX | A fix has been released in the automatic update channel with the F-Secure Scanner Manager 2018-05-22_01 database since 22nd May 2018. No user action is required if automatic update is enabled. |
| F-Secure Email and Server Security and F-Secure Email and Server Security Premium | 12.XX | A fix has been released in the automatic update channel with the F-Secure Scanner Manager 2018-05-22_01 database since 22nd May 2018. No user action is required if automatic update is enabled. |
| F-Secure PSB Email and Server Security | 12.10 | A fix has been released in the automatic update channel with the F-Secure Scanner Manager 2018-05-22_01 database since 22nd May 2018. No user action is required if automatic update is enabled. |
| F-Secure PSB Server Security | 12.10 | A fix has been released in the automatic update channel with the F-Secure Scanner Manager 2018-05-22_01 database since 22nd May 2018. No user action is required if automatic update is enabled. |
| F-Secure PSB Workstation Security | 12.XX | A fix has been released in the automatic update channel with the F-Secure Scanner Manager 2018-05-22_01 database since 22nd May 2018. No user action is required if automatic update is enabled. |
| F-Secure Computer Protection | 17.1 | A fix has been released in the automatic update channel with the F-Secure Ultralight Core 2018-05-07_01 database since 22nd May 2018. No user action is required if automatic update is enabled. |

 

Credits

F-Secure Corporation would like to thank "landave" for bringing this issue to our attention. 

Date Issued: 2018-06-01
Date Updated: 2018-06-07