F-Secure patches 19 security products against attack


F-Secure patches 19 security products against attack

Antony Savvas

F-Secure has issued a patch to fix critical security flaws in a number of its anti-virus and internet security products.

Flaws in the way F-Secure’s software handles Zip and Rar data compression archives could allow attackers to execute remote code on users' systems and bypass F-Secure's anti-virus-scanning capabilities.

Vulnerabilities have been found in 19 versions of F-Secure's anti-virus products for Microsoft Windows, and in products for the Linux operating system.

F-Secure was advised of a scanning vulnerability by independent researcher Thierry Zoller.

Unpatched systems can allow attackers to create a modified Zip archive that can lead to a buffer overflow, allowing for the arbitrary execution of code.

The flaws could also allow attackers to create malformed Rar and Zip archives that cannot be properly scanned for malicious software.

The affected software includes F-Secure's Anti-Virus for Windows Servers versions 5.52 and earlier, Anti-Virus for MS Exchange versions 6.40 and earlier, and Anti-Virus for Linux Workstations versions 4.52 and earlier, as well as other products.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

COMMENTS powered by Disqus  //  Commenting policy