|
||||||||||||||||
|
||||||||||||||||
|
| |||||||||||||||
|
||||||||||||||||
|
||||||||||||||||
|
|
 |
| |
|
| |
| |
|
|
|
|
|
|
|
áòèé÷ :: Security-alerts |
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [security-alerts] FW: [SA20858] F-Secure Antivirus Products Scanning Bypass Vulnerability
> > TITLE: > F-Secure Antivirus Products Scanning Bypass Vulnerability > > SECUNIA ADVISORY ID: > SA20858 > > VERIFY ADVISORY: > > > CRITICAL: > Moderately critical > > IMPACT: > Security Bypass > > WHERE: > From remote > > SOFTWARE: > F-Secure Anti-Virus 2004 > > F-Secure Anti-Virus 2005 > > F-Secure Anti-Virus 2006 > > F-Secure Anti-Virus Client Security 5.x > > F-Secure Anti-Virus Client Security 6.x > > F-Secure Anti-Virus for Citrix Servers 5.x > > F-Secure Anti-Virus for MIMEsweeper 5.x > > F-Secure Anti-Virus for Windows Servers 5.x > > F-Secure Anti-Virus for Workstations 5.x > > F-Secure Internet Security 2004 > > F-Secure Internet Security 2005 > > F-Secure Internet Security 2006 > > F-Secure Service Platform for Service Providers (Personal Express) > 6.x > > > DESCRIPTION: > Two vulnerabilities have been reported in various F-Secure Antivirus > products, which can be exploited by malware to bypass the scanning > functionality. > > 1) An unspecified error within the handling of executable programs > where the name has been manipulated in a certain way can be exploited > to bypass the anti-virus scanning functionality. > > 2) An error causes files on removable media to not be scanned when > the "Scan network devices" option has been disabled. > > Successful exploitation of the vulnerabilities bypasses the real-time > scanning functionality and may result in execution of malware on the > system. > > SOLUTION: > Apply patches (see patch matrix in the vendor's advisory). > > PROVIDED AND/OR DISCOVERED BY: > Reported by the vendor. > > ORIGINAL ADVISORY: > F-Secure: > >
|