In association with heise online

20 March 2007, 15:04

Security vulnerability in F-Secure's Client Security

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Security services provider Layered Defense has reported a vulnerability in F-Secure's Client Security. It allows local users to carry out at least a denial of service attack. They may also be able to escalate their privileges.

The bug is based on incorrect processing of format strings in the management server name field. By entering a prepared string with format string expressions as the server name in the communication settings, users can read and write arbitrary memory.

F-Secure Client Security 6.02 is affected. The vendor has released a hotfix which fixes the vulnerability.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit