Integer overflow in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, when configured to scan inside compressed archives, allows remote attackers to execute arbitrary code via a crafted RPM compressed archive file, which triggers a buffer overflow.
Vector
NETWORK
Complexity
HIGH
Authentication
NONE
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE
F-secure F-secure anti-virus linux client security 5.53 (not an official CPE)
F-secure F-secure anti-virus for microsoft exchange 7.10 (not an official CPE)
F-secure F-secure anti-virus 7.02 (not an official CPE)
F-secure F-secure internet gatekeeper for windows 6.61 (not an official CPE)
F-secure F-secure internet security 7.02 (not an official CPE)
F-secure F-secure protection service for consumers 5.00 (not an official CPE)
F-secure F-secure anti-virus for windows servers 8.00 (not an official CPE)
F-secure F-secure anti-virus for microsoft exchange 6.62 (not an official CPE)
F-secure F-secure protection service for business 3.00 (not an official CPE)
F-secure F-secure protection service for consumers 8.00 (not an official CPE)
F-secure F-secure anti-virus for citrix servers 7.00 (not an official CPE)
F-secure F-secure anti-virus 2009 (not an official CPE)
F-secure F-secure client security 7.11 (not an official CPE)
F-secure F-secure anti-virus for workstations 7.11 (not an official CPE)
F-secure F-secure anti-virus 2007 Second (not an official CPE)
F-secure F-secure linux security 7.01 (not an official CPE)
F-secure F-secure anti-virus for workstations 7.10 (not an official CPE)
F-secure F-secure anti-virus 2006 (not an official CPE)
F-secure F-secure anti-virus for microsoft exchange 7.00 (not an official CPE)
F-secure F-secure anti-virus 2007 (not an official CPE)
F-secure F-secure anti-virus 2008 (not an official CPE)
F-secure F-secure messaging security gateway 5.0.4 (not an official CPE)
F-secure F-secure protection service for consumers 6.00 (not an official CPE)
F-secure F-secure client security 7.12 (not an official CPE)
F-secure F-secure internet security 2008 (not an official CPE)
F-secure F-secure internet security 2007 (not an official CPE)
F-secure F-secure internet security 2009 (not an official CPE)
F-secure F-secure internet security 2006 (not an official CPE)
F-secure F-secure internet security 2007 Second (not an official CPE)
F-secure F-secure anti-virus for mimesweeper 5.61 (not an official CPE)
F-secure F-secure anti-virus linux client security 5.52 (not an official CPE)
F-secure F-secure anti-virus linux client security 5.30 (not an official CPE)
F-secure F-secure anti-virus linux client security 5.54 (not an official CPE)
F-secure F-secure anti-virus linux server security 5.54 (not an official CPE)
F-secure F-secure messaging security gateway 4.0.7 (not an official CPE)
F-secure F-secure home server security 2009 (not an official CPE)
F-secure F-secure protection service for business 3.10 (not an official CPE)
F-secure F-secure anti-virus linux server security 5.52 (not an official CPE)
F-secure F-secure anti-virus linux server security 5.30 (not an official CPE)
F-secure F-secure internet gatekeeper for linux 2.16 (not an official CPE)
F-secure F-secure protection service for consumers 7.00 (not an official CPE)
F-secure - F-secure anti-virus linux client security
F-secure - F-secure anti-virus for microsoft exchange
F-secure - F-secure anti-virus
F-secure - F-secure internet gatekeeper for windows
F-secure - F-secure internet security
F-secure - F-secure protection service for consumers
F-secure - F-secure anti-virus for windows servers
F-secure - F-secure protection service for business
F-secure - F-secure anti-virus for citrix servers
F-secure - F-secure client security
F-secure - F-secure anti-virus for workstations
F-secure - F-secure linux security
F-secure - F-secure messaging security gateway
F-secure - F-secure anti-virus for mimesweeper
F-secure - F-secure anti-virus linux server security
F-secure - F-secure home server security
F-secure - F-secure internet gatekeeper for linux
Advisory | Patch | Confirmed | Link |
---|---|---|---|
fsecure-multipleproducts-rpm-bo(46016) | |||
ADV-2008-2874 | |||
1021073 | |||
31846 | |||
http://www.f-secure.com/security/fsc-2008-3.shtml |