Summary
| Detail | |||
|---|---|---|---|
| Vendor | F-Secure | First view | 2008-02-14 |
| Product | F-Secure Protection Service For Consumers | Last view | 2009-02-06 |
| Version | 5.00 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:f-secure:f-secure_protection_service_for_consumers | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.6 | 2009-02-06 | CVE-2008-6085 | Integer overflow in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, when configured to scan inside compressed archives, allows remote attackers to execute arbitrary code via a crafted RPM compressed archive file, which triggers a buffer overflow. |
| 6.8 | 2008-03-20 | CVE-2008-1412 | Unspecified vulnerability in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, allows remote attackers to execute arbitrary code or cause a denial of service (hang or crash) via a malformed archive that triggers an unhandled exception, as demonstrated by the PROTOS GENOME test suite for Archive Formats. |
| 7.5 | 2008-02-22 | CVE-2008-0910 | Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted RAR archive. NOTE: this might be related to CVE-2008-0792. |
| 5.8 | 2008-02-14 | CVE-2008-0792 | Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted CAB archive. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (2) | CWE-264 | Permissions, Privileges, and Access Controls |
| 25% (1) | CWE-189 | Numeric Errors |
| 25% (1) | CWE-20 | Improper Input Validation |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 49189 | F-Secure Multiple Products Crafted RPM File Handling Overflow |
| 43222 | F-Secure Multiple Products Archive Handling Unspecified Code Execution |
| 42904 | F-Secure Multiple Products Crafted RAR Archive Scanning Bypass |
| 42903 | F-Secure Multiple Products Crafted CAB Archive Scanning Bypass |
OpenVAS Exploits
| id | Description |
|---|---|
| 2009-03-13 | Name : F-Secure Product(s) Integer Overflow Vulnerability (Linux) File : nvt/gb_fsecure_prdts_int_overflow_vuln_lin.nasl |
| 2009-03-13 | Name : F-Secure Product(s) Integer Overflow Vulnerability (Win) File : nvt/gb_fsecure_prdts_int_overflow_vuln_win.nasl |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2008-12-11 | Name: An antivirus application installed on the remote host is affected by a remote... File: fsecure_fsc_2008_03.nasl - Type: ACT_GATHER_INFO |
| 2008-03-28 | Name: A antivirus application installed on the remote host is affected by a remote ... File: fsecure_fsc_2008_02.nasl - Type: ACT_GATHER_INFO |
