Multiple security vulnerabilities in F-Secure
F-Secure has reported multiple security vulnerabilities in its anti-virus products for consumer and enterprise users. By exploiting these vulnerabilities, attackers can inject and execute malicious code or crash the service using crafted executable files or archives.
Crafted LHA archives can cause a buffer overflow during unpacking. This is the same bug that was fixed in GZIP in the autumn of last year. Sergio Alvarez from n.runs has discovered further vulnerabilities in the processing of crafted archives and executable files, which can cause F-Secure products to enter infinite loops.
A third security vulnerability arises when the real-time scanning component processes I/O request packets (IRPs): it fails to correctly check the address space it accesses. Local users can exploit this to escalate their privileges.
F-Secure is already distributing updates for its consumer products, such as F-Secure Anti-Virus and Internet Security, which are installed automatically. For the enterprise solutions, administrators will need to download and install the patches themselves; F-Secure links to them in its security bulletins.
- Buffer overflow vulnerability in handling of specially crafted LHA archives, security bulletin from F-Secure
- IOCTL vulnerability in Real-time Scanning component of F-Secure workstation and file server products for Windows, security bulletin from F-Secure
- Vulnerabilities in scanning of specially crafted archives and certain packed executables, security bulletin from F-Secure