ID

VAR-201004-0463

CVE

CVE-2010-1425

TITLE

F-Secure Internet Security 2010 Vulnerabilities that can be avoided in

DESCRIPTION

F-Secure Internet Security 2010 and earlier; Anti-Virus for Microsoft Exchange 9 and earlier, and for MIMEsweeper 5.61 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, and for Linux 4.02 and earlier; Anti-Virus 2010 and earlier; Home Server Security 2009; Protection Service for Consumers 9 and earlier, for Business - Workstation security 9 and earlier, for Business - Server Security 8 and earlier, and for E-mail and Server security 9 and earlier; Mac Protection build 8060 and earlier; Client Security 9 and earlier; and various Anti-Virus products for Windows, Linux, and Citrix; does not properly detect malware in crafted (1) 7Z, (2) GZIP, (3) CAB, or (4) RAR archives, which makes it easier for remote attackers to avoid detection. F-Secure Anti-Virus is prone to a denial-of-service vulnerability. ---------------------------------------------------------------------- Secunia CSI + Microsoft SCCM ----------------------- = Extensive Patch Management http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ ---------------------------------------------------------------------- TITLE: F-Secure Products Archive Files Detection Bypass SECUNIA ADVISORY ID: SA39396 VERIFY ADVISORY: http://secunia.com/advisories/39396/ DESCRIPTION: A weakness has been reported in F-Secure products, which can be exploited by malware to bypass the scanning functionality. The weakness is caused due to an error in the handling of 7Z, GZIP, CAB, and RAR files and can be exploited to bypass the anti-virus scanning functionality via a specially crafted archive file. For products that do not support automatic updates, apply the patches (please see the vendor advisory for details). PROVIDED AND/OR DISCOVERED BY: The vendor credits ReversingLabs. ORIGINAL ADVISORY: F-Secure: http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-1.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

other

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Unknown

SOURCES

LAST UPDATE DATE

2024-11-23T22:49:53.718000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE