Computer Crime Research Center


F-Secure software found vulnerable by F-Secure

Date: January 22, 2006
Source: The Inquirer
By: Nick Farrell

Finnish security outfit F-Secure has had to issue a security warning about its own products.

In a security bulletin here, F-Secure said a flaw in its software meant that an attacker could run any code they like on affected systems by using ZIP and RAR files to hide any malware.

The files would bypass any F-Secure AV products and cause a buffer overflow. It will cause the problem on Windows and Linux systems.

A spokesman said that so far no hacker has worked out how to exploit this vulnerability, but it is better to be safe than sorry.

The problem will be bigger for those who use older F-Secure Linux server and gateway products. F-Secure will not automatically distribute patches for these products and users have to remember to download the patches from the F-Secure site. Newer products will have received patches online.
Original article

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo