|
|
Family: Windows --> Category: infos
F-Secure ZIP/RAR Archive Handling Overflow Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks for ZIP/RAR archive handling overflow vulnerabilities in F-Secure products
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote anti-virus software is affected by multiple buffer overflow
vulnerabilities
Description :
The remote host is running an anti-virus software application from
F-Secure.
The version of F-Secure anti-virus installed on the remote Windows
host contains flaws in the way it handles ZIP and RAR archives that
reportedly can be leveraged by a possible hacker to bypass scanning or to
execute arbitrary code remotely subject to the local SYSTEM
rights.
See also :
http://www.zoller.lu/
http://www.f-secure.com/security/fsc-2006-1.shtml
Solution :
Enable auto-updates if using F-Secure Internet Security 2004-2006,
F-Secure Anti-Virus 2004-2006, or F-Secure Personal Express version
6.20 or earlier. Otherwise, apply the appropriate hotfix as listed in
the vendor advisory referenced above.
Threat Level:
High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
