Vulnerabilities
Vulnerable Software
F-Secure Internet Security 2010 and earlier; Anti-Virus for Microsoft Exchange 9 and earlier, and for MIMEsweeper 5.61 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, and for Linux 4.02 and earlier; Anti-Virus 2010 and earlier; Home Server Security 2009; Protection Service for Consumers 9 and earlier, for Business - Workstation security 9 and earlier, for Business - Server Security 8 and earlier, and for E-mail and Server security 9 and earlier; Mac Protection build 8060 and earlier; Client Security 9 and earlier; and various Anti-Virus products for Windows, Linux, and Citrix; does not properly detect malware in crafted (1) 7Z, (2) GZIP, (3) CAB, or (4) RAR archives, which makes it easier for remote attackers to avoid detection.
CVSS Score
5.0
EPSS Score
0.006
Published
2010-04-15
Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070619 allow remote attackers to bypass scanning via a crafted header in a (1) LHA or (2) RAR archive.
CVSS Score
9.3
EPSS Score
0.015
Published
2007-06-20
Unspecified vulnerability in the Real-time Scanning component in multiple F-Secure products, including Internet Security 2005, 2006 and 2007; Anti-Virus 2005, 2006 and 2007; and Solutions based on F-Secure Protection Service for Consumers 6.40 and earlier allows local users to gain privileges via a crafted I/O request packet (IRP), related to IOCTL (Input/Output Control) and "access validation of the address space."
CVSS Score
7.2
EPSS Score
0.001
Published
2007-05-31
Buffer overflow in the LHA decompression component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335.
CVSS Score
7.5
EPSS Score
0.058
Published
2007-05-31
Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files.
CVSS Score
10.0
EPSS Score
0.092
Published
2007-05-31
F-Secure Anti-Virus 2003 through 2006 and other versions, Internet Security 2003 through 2006, and Service Platform for Service Providers 6.x and earlier allows remote attackers to bypass anti-virus scanning via a crafted filename.
CVSS Score
5.0
EPSS Score
0.013
Published
2006-07-10
F-Secure Anti-Virus 2003 through 2006 and other versions, Internet Security 2003 through 2006, and Service Platform for Service Providers 6.x and earlier does not scan files contained on removable media when "Scan network drives" is disabled, which allows remote attackers to bypass anti-virus controls.
CVSS Score
5.0
EPSS Score
0.013
Published
2006-07-10
Buffer overflow in multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti-Virus for Linux Servers 4.64 and earlier, allows remote attackers to execute arbitrary code via crafted ZIP archives.
CVSS Score
7.5
EPSS Score
0.064
Published
2006-01-21
Multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti-Virus for Linux Servers 4.64 and earlier, allow remote attackers to hide arbitrary files and data via malformed (1) RAR and (2) ZIP archives, which are not properly scanned.
CVSS Score
5.0
EPSS Score
0.021
Published
2006-01-21
Heap-based buffer overflow in multiple F-Secure Anti-Virus and Internet Security products allows remote attackers to execute arbitrary code via a crafted ARJ archive.
CVSS Score
7.5
EPSS Score
0.031
Published
2005-05-02


Contact Us

Shodan ® - All rights reserved