F-Secure patches 19 security products against attack


F-Secure patches 19 security products against attack

Antony Savvas

F-Secure has issued a patch to fix critical security flaws in a number of its anti-virus and internet security products.

Flaws in the way F-Secure’s software handles Zip and Rar data compression archives could allow attackers to execute remote code on users' systems and bypass F-Secure's anti-virus-scanning capabilities.

Vulnerabilities have been found in 19 versions of F-Secure's anti-virus products for Microsoft Windows, and in products for the Linux operating system.

F-Secure was advised of a scanning vulnerability by independent researcher Thierry Zoller.

Unpatched systems can allow attackers to create a modified Zip archive that can lead to a buffer overflow, allowing for the arbitrary execution of code.

The flaws could also allow attackers to create malformed Rar and Zip archives that cannot be properly scanned for malicious software.

The affected software includes F-Secure's Anti-Virus for Windows Servers versions 5.52 and earlier, Anti-Virus for MS Exchange versions 6.40 and earlier, and Anti-Virus for Linux Workstations versions 4.52 and earlier, as well as other products.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy