Security vulnerability in F-Secure's Client Security
Security services provider Layered Defense has reported a vulnerability in F-Secure's Client Security. It allows local users to carry out at least a denial of service attack. They may also be able to escalate their privileges.
The bug is based on incorrect processing of format strings in the management server name field. By entering a prepared string with format string expressions as the server name in the communication settings, users can read and write arbitrary memory.
F-Secure Client Security 6.02 is affected. The vendor has released a hotfix which fixes the vulnerability.