Vulnerability in F-Secure anti-virus.

Posted by: Digital Geek

Vulnerability in F-Secure anti-virus. - 02/12/05 02:47 AM

F-Secure yesterday urged users of its anti-virus products to apply security patches following the discovery of potentially serious security vulnerability in 18 of its products.

The security bug - unearthed by security researchers at ISS - involves flaws in the processing of ARJ archive files by an antivirus library that give rise to possible buffer overflow attacks. Desktop, server (Linux and Windows) and gateway version of F-Secure's security products all need attention.

"We urge all affected users to apply the patch, before some clown virus-writer tries to exploit it," said Mikko Hyppönen, director of anti-virus research at F-Secure. "This hole is related to a bug in our routine that unpacks ARJ archive files. The bug would allow an attacker to execute code when his ARJ file is scanned."

SOURCE