Specially crafted IPC messages on F-Secure components FSMA, FSSM and Gatekeeper can lead to denial of service or local privilege escalation.
Multiple memory vulnerabilities were discovered in the FSMA, FSSM and Gatekeeper components used in certain F-Secure products. These vulnerabilities can be triggered locally by an attacker without special privileges through specially-crafted inter-process communication (IPC) messages. A successful attack will result in denial of service of the anti-virus product or can lead to privilege escalation.
This issue was reported to F-Secure through the Vulnerability Reward Program. No known attack has been observed in-the-wild at the time of the advisory release.
An attacker would require local code execution rights for successful exploitation.
Product | Versions | Download |
---|---|---|
Client Security Standard/Premium |
12.33 | Steps to upgrade:
For more details, please refer to the links below: |
Client Security Standard/Premium | 13.10 | Steps to upgrade:
|
Server Security Standard/Premium |
12.12 | Download and install from the weblink: here |
Email And Server Security Standard/Premium | 12.12 | Download and install from the weblink: here |
PSB Workstation |
12.01.293 | Fixed versions for PSB products will be available on PSB portal download page |
PSB Email And Server Security |
12.10.284 | Fixed versions for PSB products will be available on PSB portal download page |
F-Secure Corporation would like to thank ZombiE for bringing this issue to our attention.
Date Issued: 2018-02-01