J-Security Center

Title: Multiple F-Secure Products RAR/ZIP Files Scan Evasion Vulnerability

Severity: HIGH

Description:

F-Secure develops antivirus, antispyware, and firewalling products.

Multiple F-Secure products are prone to a vulnerability that may allow certain compressed archives to bypass the scan engine. The vulnerability occurs because the software fails to properly inspect specially crafted 'RAR' and 'ZIP' archive files.

Successful exploits will allow attackers to distribute files containing malicious code that the antivirus application will fail to detect.

Affected Products:

  • F-Secure Anti-Virus 2003
  • F-Secure Anti-Virus 2004
  • F-Secure Anti-Virus 2005
  • F-Secure Anti-Virus 2006
  • F-Secure Anti-Virus 2007
  • F-Secure Anti-Virus 2008
  • F-Secure Anti-Virus 2009
  • F-Secure Anti-Virus 5.0.2
  • F-Secure Anti-Virus 5.2.1
  • F-Secure Anti-Virus 5.3.0 .0
  • F-Secure Anti-Virus 5.56.0
  • F-Secure Anti-Virus Linux Client Security 5.0.0
  • F-Secure Anti-Virus Linux Client Security 5.0.0 1
  • F-Secure Anti-Virus Linux Client Security 5.0.4
  • F-Secure Anti-Virus Linux Client Security 5.11.0
  • F-Secure Anti-Virus Linux Client Security 5.30
  • F-Secure Anti-Virus Linux Client Security 5.52
  • F-Secure Anti-Virus Linux Client Security 5.54
  • F-Secure Anti-Virus Linux Server Security 5.0.0
  • F-Secure Anti-Virus Linux Server Security 5.0.0 1
  • F-Secure Anti-Virus Linux Server Security 5.0.0 4
  • F-Secure Anti-Virus Linux Server Security 5.11.0
  • F-Secure Anti-Virus Linux Server Security 5.30
  • F-Secure Anti-Virus Linux Server Security 5.52
  • F-Secure Anti-Virus Linux Server Security 5.54
  • F-Secure Anti-Virus for Citrix Servers 5.5.0
  • F-Secure Anti-Virus for Citrix Servers 5.52.0
  • F-Secure Anti-Virus for Citrix Servers 7.00
  • F-Secure Anti-Virus for Linux Servers 4.51.0
  • F-Secure Anti-Virus for Linux Servers 4.52.0
  • F-Secure Anti-Virus for Linux Servers 4.61.0
  • F-Secure Anti-Virus for Linux Servers 4.64.0
  • F-Secure Anti-Virus for Linux Servers 4.65
  • F-Secure Anti-Virus for Linux Servers 4.65.0
  • F-Secure Anti-Virus for MIMEsweeper 5.41.0
  • F-Secure Anti-Virus for MIMEsweeper 5.42.0
  • F-Secure Anti-Virus for MIMEsweeper 5.50.0
  • F-Secure Anti-Virus for MIMEsweeper 5.51.0
  • F-Secure Anti-Virus for MIMEsweeper 5.61.0
  • F-Secure Anti-Virus for MS Exchange 6.0.0 1
  • F-Secure Anti-Virus for MS Exchange 6.2.0
  • F-Secure Anti-Virus for MS Exchange 6.21.0
  • F-Secure Anti-Virus for MS Exchange 6.3.0 0
  • F-Secure Anti-Virus for MS Exchange 6.30.0 Service Release 1
  • F-Secure Anti-Virus for MS Exchange 6.31.0
  • F-Secure Anti-Virus for MS Exchange 6.31.0
  • F-Secure Anti-Virus for MS Exchange 6.40.0
  • F-Secure Anti-Virus for MS Exchange 6.60
  • F-Secure Anti-Virus for MS Exchange 6.61
  • F-Secure Anti-Virus for MS Exchange 6.62
  • F-Secure Anti-Virus for MS Exchange 7.00
  • F-Secure Anti-Virus for MS Exchange 7.10
  • F-Secure Anti-Virus for Windows Servers 5.41.0
  • F-Secure Anti-Virus for Windows Servers 5.42.0
  • F-Secure Anti-Virus for Windows Servers 5.50.0
  • F-Secure Anti-Virus for Windows Servers 5.52.0
  • F-Secure Anti-Virus for Windows Servers 7.00
  • F-Secure Anti-Virus for Windows Servers 8.00
  • F-Secure Anti-Virus for Workstations 5.40.0
  • F-Secure Anti-Virus for Workstations 5.41.0
  • F-Secure Anti-Virus for Workstations 5.42.0
  • F-Secure Anti-Virus for Workstations 5.43.0
  • F-Secure Anti-Virus for Workstations 5.44.0
  • F-Secure Anti-Virus for Workstations 7.00
  • F-Secure Anti-Virus for Workstations 7.11
  • F-Secure Anti-Virus for Workstations 8.0
  • F-Secure Client Security
  • F-Secure Client Security 7.11
  • F-Secure Client Security 7.12
  • F-Secure Client Security 8.0
  • F-Secure Home Server Security 2009
  • F-Secure Internet Gatekeeper 6.3.0
  • F-Secure Internet Gatekeeper 6.31.0
  • F-Secure Internet Gatekeeper 6.32.0
  • F-Secure Internet Gatekeeper 6.40.0
  • F-Secure Internet Gatekeeper 6.41.0
  • F-Secure Internet Gatekeeper 6.42.0
  • F-Secure Internet Gatekeeper 6.50
  • F-Secure Internet Gatekeeper 6.60
  • F-Secure Internet Gatekeeper 6.61
  • F-Secure Internet Gatekeeper for Linux
  • F-Secure Internet Gatekeeper for Linux 2.0.0 6
  • F-Secure Internet Gatekeeper for Linux 2.14.0
  • F-Secure Internet Gatekeeper for Linux 2.15.484
  • F-Secure Internet Gatekeeper for Linux 2.16
  • F-Secure Internet Gatekeeper for Linux Japanese 3.01
  • F-Secure Internet Security 2003
  • F-Secure Internet Security 2004
  • F-Secure Internet Security 2005
  • F-Secure Internet Security 2006
  • F-Secure Internet Security 2007
  • F-Secure Internet Security 2007 Second Edition
  • F-Secure Internet Security 2008
  • F-Secure Internet Security 2009
  • F-Secure Linux Security 7.01
  • F-Secure Linux Security 7.02
  • F-Secure Protection Service for Business
  • F-Secure Protection Service for Business - E-mail and Server 8.00
  • F-Secure Protection Service for Business - Workstation 8.00
  • F-Secure Protection Service for Business 3.10
  • F-Secure Protection Service for Consumers
  • F-Secure Protection Service for Consumers 7.00
  • F-Secure Protection Service for Consumers 8.00

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.