F-Secure has issued a patch to fix critical security flaws in a number of its anti-virus and internet security...
Flaws in the way F-Secure's software handles Zip and Rar data compression archives could allow attackers to execute code remotely on users' systems and bypass F-Secure's anti-virus-scanning capabilities.
Vulnerabilities have been found in 19 versions of F-Secure's anti-virus products for Microsoft Windows, and in products for the Linux operating system.
F-Secure was advised of a scanning vulnerability by independent researcher Thierry Zoller.
On unpatched systems, a modified Zip archive created by an attacker can lead to a buffer overflow, allowing for the arbitrary execution of code.
The flaws could also allow attackers to create malformed Rar and Zip archives that cannot be properly scanned for malicious software.
The affected software includes F-Secure's Anti-Virus for Windows Servers versions 5.52 and earlier, Anti-Virus for MS Exchange versions 6.40 and earlier, and Anti-Virus for Linux Workstations versions 4.52 and earlier, as well as other products.