ID

VAR-200710-0282


CVE

CVE-2007-5143


TITLE

F-Secure Anti-Virus vulnerable to virus scanning bypass

Trust: 0.8

sources: JVNDB: JVNDB-2007-002708

DESCRIPTION

F-Secure Anti-Virus for Windows Servers 7.0 64-bit edition allows local users to bypass virus scanning by using the system32 directory to store a crafted (1) archive or (2) packed executable. NOTE: in many environments, this does not cross privilege boundaries because any process able to write to system32 could also shut off F-Secure Anti-Virus.

F-Secure Anti-Virus for Windows Servers is prone to a vulnerability that may allow certain malware to bypass detection. An attacker may exploit this issue by placing maliciously crafted archives or packed executables in specific locations on a victim's computer. Successful exploits will allow attackers to place on the computer malicious code that the antivirus application will fail to detect. If this code is subsequently run, this may result in a malware infection. F-Secure Anti-Virus for Windows Servers 7.0 is affected by this issue.

TITLE: F-Secure Archives and Packed Executables Detection Bypass
SECUNIA ADVISORY ID: SA26948
VERIFY ADVISORY: http://secunia.com/advisories/26948/
CRITICAL: Not critical
IMPACT: Security Bypass
WHERE: From remote
SOFTWARE: F-Secure Anti-Virus for Windows Servers 7.x http://secunia.com/product/14382/
DESCRIPTION: A vulnerability has been reported in F-Secure Anti-Virus, which can be exploited by malware to bypass the scanning functionality. The vulnerability only affects 64-bit server platforms.
SOLUTION: Apply patch. ftp://ftp.f-secure.com/support/hotfix/fsav/fsav720-01-signed.fsfix
PROVIDED AND/OR DISCOVERED BY: The vendor credits Mr Papadorotheoun.
ORIGINAL ADVISORY: http://www.f-secure.com/security/fsc-2007-6.shtml

Trust: 2.16

sources: NVD: CVE-2007-5143 // JVNDB: JVNDB-2007-002708 // BID: 25824 // VULHUB: VHN-28505 // VULMON: CVE-2007-5143 // PACKETSTORM: 59636

AFFECTED PRODUCTS

vendor: f secure, model: f-secure anti-virus, scope: eq, version: 7.00

Trust: 1.0

vendor: f secure, model: f-secure anti-virus, scope: eq, version: windows servers edition

Trust: 0.8

vendor: microsoft, model: windows server 2003, scope: eq, version: 7.0 64-bit edition

Trust: 0.8

vendor: microsoft, model: windows 2003 server, scope: eq, version: x64

Trust: 0.6

vendor: f secure, model: anti-virus for windows servers, scope: eq, version: 7.00

Trust: 0.3

sources: BID: 25824 // JVNDB: JVNDB-2007-002708 // CNNVD: CNNVD-200710-035 // NVD: CVE-2007-5143

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-5143
value: LOW

Trust: 1.0

NVD: CVE-2007-5143
value: LOW

Trust: 0.8

CNNVD: CNNVD-200710-035
value: LOW

Trust: 0.6

VULHUB: VHN-28505
value: LOW

Trust: 0.1

VULMON: CVE-2007-5143
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2007-5143
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-28505
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-28505 // VULMON: CVE-2007-5143 // JVNDB: JVNDB-2007-002708 // CNNVD: CNNVD-200710-035 // NVD: CVE-2007-5143

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-DesignError

Trust: 0.8

sources: JVNDB: JVNDB-2007-002708 // NVD: CVE-2007-5143

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-200710-035

TYPE

Unknown

Trust: 0.9

sources: BID: 25824 // CNNVD: CNNVD-200710-035

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-002708

PATCH

title: Security advisories, url: http://www.f-secure.com/en/web/labs_global/security-advisories

Trust: 0.8

title: Top Page, url: http://windows.microsoft.com/

Trust: 0.8

sources: JVNDB: JVNDB-2007-002708

EXTERNAL IDS

db: NVD, id: CVE-2007-5143

Trust: 2.9

db: BID, id: 25824

Trust: 2.1

db: SECUNIA, id: 26948

Trust: 1.9

db: SECTRACK, id: 1018745

Trust: 1.8

db: OSVDB, id: 41377

Trust: 1.8

db: VUPEN, id: ADV-2007-3277

Trust: 1.8

db: JVNDB, id: JVNDB-2007-002708

Trust: 0.8

db: XF, id: 36833

Trust: 0.6

db: CNNVD, id: CNNVD-200710-035

Trust: 0.6

db: VULHUB, id: VHN-28505

Trust: 0.1

db: VULMON, id: CVE-2007-5143

Trust: 0.1

db: PACKETSTORM, id: 59636

Trust: 0.1

sources: VULHUB: VHN-28505 // VULMON: CVE-2007-5143 // BID: 25824 // JVNDB: JVNDB-2007-002708 // PACKETSTORM: 59636 // CNNVD: CNNVD-200710-035 // NVD: CVE-2007-5143

REFERENCES

url:http://www.f-secure.com/security/fsc-2007-6.shtml

Trust: 2.2

url:http://www.securityfocus.com/bid/25824

Trust: 1.8

url:http://osvdb.org/41377

Trust: 1.8

url:http://www.securitytracker.com/id?1018745

Trust: 1.8

url:http://secunia.com/advisories/26948

Trust: 1.8

url:http://www.vupen.com/english/advisories/2007/3277

Trust: 1.2

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/36833

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5143

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5143

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/36833

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2007/3277

Trust: 0.6

url:http://www.f-secure.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/network_software_inspector/

Trust: 0.1

url:http://secunia.com/product/14382/

Trust: 0.1

url:http://secunia.com/advisories/26948/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

sources: VULHUB: VHN-28505 // VULMON: CVE-2007-5143 // BID: 25824 // JVNDB: JVNDB-2007-002708 // PACKETSTORM: 59636 // CNNVD: CNNVD-200710-035 // NVD: CVE-2007-5143

CREDITS

Mr Papadorotheoun is credited with discovering this issue.

Trust: 0.3

sources: BID: 25824

SOURCES

db: VULHUB, id: VHN-28505
db: VULMON, id: CVE-2007-5143
db: BID, id: 25824
db: JVNDB, id: JVNDB-2007-002708
db: PACKETSTORM, id: 59636
db: CNNVD, id: CNNVD-200710-035
db: NVD, id: CVE-2007-5143

LAST UPDATE DATE

2024-11-23T22:09:45.582000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-28505, date: 2017-07-29T00:00:00
db: VULMON, id: CVE-2007-5143, date: 2017-07-29T00:00:00
db: BID, id: 25824, date: 2015-05-07T17:35:00
db: JVNDB, id: JVNDB-2007-002708, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200710-035, date: 2007-10-03T00:00:00
db: NVD, id: CVE-2007-5143, date: 2024-11-21T00:37:14.180

SOURCES RELEASE DATE

db: VULHUB, id: VHN-28505, date: 2007-10-01T00:00:00
db: VULMON, id: CVE-2007-5143, date: 2007-10-01T00:00:00
db: BID, id: 25824, date: 2007-09-27T00:00:00
db: JVNDB, id: JVNDB-2007-002708, date: 2012-06-26T00:00:00
db: PACKETSTORM, id: 59636, date: 2007-09-27T23:54:21
db: CNNVD, id: CNNVD-200710-035, date: 2007-10-01T00:00:00
db: NVD, id: CVE-2007-5143, date: 2007-10-01T05:17:00