Summary
Detail | |||
---|---|---|---|
Vendor | F-Secure | First view | 2009-05-22 |
Product | Client Security | Last view | 2021-08-05 |
Version | - | Type | Application |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | premium | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:f-secure:client_security |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
5.5 | 2021-08-05 | CVE-2021-33597 | A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine. |
7.8 | 2019-05-17 | CVE-2019-11644 | In the F-Secure installer in F-Secure SAFE for Windows before 17.6, F-Secure Internet Security before 17.6, F-Secure Anti-Virus before 17.6, F-Secure Client Security Standard and Premium before 14.10, F-Secure PSB Workstation Security before 12.01, and F-Secure Computer Protection Standard and Premium before 19.3, a local user can escalate their privileges through a DLL hijacking attack against the installer. The installer writes the file rm.exe to C:\Windows\Temp and then executes it. The rm.exe process then attempts to load several DLLs from its current directory. Non-admin users are able to write to this folder, so an attacker can create a malicious C:\Windows\Temp\OLEACC.dll file. When an admin runs the installer, rm.exe will execute the attacker's DLL in an elevated security context. |
6.8 | 2009-05-22 | CVE-2009-1782 | Multiple F-Secure anti-virus products, including Anti-Virus for Microsoft Exchange 7.10 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, Windows 6.61 and earlier, and Linux 2.16 and earlier; Internet Security 2009 and earlier, Anti-Virus 2009 and earlier, Client Security 8.0 and earlier, and others; allow remote attackers to bypass malware detection via a crafted (1) ZIP and (2) RAR archive. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
100% (1) | CWE-427 | Uncontrolled Search Path Element |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
54686 | F-Secure Multiple Products RAR Archive Scanning Bypass |
54685 | F-Secure Multiple Products ZIP Archive Scanning Bypass |
OpenVAS Exploits
id | Description |
---|---|
2009-06-17 | Name : F-Secure Products Security Bypass Vulnerability (Linux) File : nvt/secpod_fsecure_prdts_sec_bypass_vuln_lin.nasl |
2009-06-17 | Name : F-Secure Products Malware Detection Bypass Vulnerability (Win) File : nvt/secpod_fsecure_prdts_sec_bypass_vuln_win.nasl |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2009-05-10 | Name: An antivirus application installed on the remote host is affected by a scan e... File: fsecure_fsc_2009_01.nasl - Type: ACT_GATHER_INFO |