Finnish security vendor F-Secure has patched multiple vulnerabilities in three product lines: F-Secure's Anti-Virus, Internet Gatekeeper and Internet Security product suites. A buffer overflow vulnerability lying in the processing of LHA archives could have allowed an attacker to execute arbitrary code or create a denial-of-service condition. "An attacker may create a specially crafted LHA archive, which then in its decompression phase exploits the described buffer overflow vulnerability, allowing arbitrary code to be executed or the exploit to create a denial-of-service condition," said officials at the Helsinki, Finland-based company.
An Input/Output Control vulnerability in the Real-time Scanning component of F-Secure workstation and file server products for Windows was also fixed. An attacker with local access to the system could escalate their privileges to the system with a specially crafted I/O request packet due to improper access validation of the address space used by Real-time Scanning, company officials said. Finally, a bug in F-Secure's Policy Manager Server could have been used by attackers to launch a denial-of-service attack. A DoS condition could be triggered by using NTFS-reserved words as URL filenames, company officials warned.
News source: eWeek