Finnish security vendor F-Secure has patched multiple vulnerabilities in its software, including a buffer overflow vulnerability affecting a number of its products.
The buffer overflow vulnerability lies in the processing of LHA archives and may allow an attacker to execute arbitrary code or create a denial-of-service condition. This flaw is related to a similar problem discovered last fall involving the way the Gzip decompression utility handles LZH-compressed archives, F-Secure officials said in an advisory.
/zimages/1/28571.gifRead morehereabout F-Secure security suite taking on spyware and rootkits.
“An attacker may create a specially crafted LHA archive, which then in its decompression phase exploits the described buffer overflow vulnerability, allowing arbitrary code to be executed or the exploit to create a denial-of-service condition,” said officials at the Helsinki, Finland-based company.
The bug affects F-Secures Anti-Virus, Internet Gatekeeper and Internet Security product suites.
Two other vulnerabilities were patched Wednesday as well. One is an IOCTL (Input/Output Control) vulnerability in the Real-time Scanning component of F-Secure workstation and file server products for Windows. An attacker with local access to the system can escalate their privileges to the system with a specially crafted IRP (I/O request packet) due to improper access validation of the address space used by Real-time Scanning, company officials said.
The final flaw patched Wednesday is a bug in F-Secures Policy Manager Server that could be used by attackers to launch a denial-of-service attack. A DoS condition can be triggered by using NTFS-reserved words as URL filenames, company officials warned. France-based security research organization FrSIRT rates this particular flaw, which is remotely exploitable, as low risk.
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.