Info

Disclosure

Jun 28, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

F-Secure Antivirus contains a flaw that may allow a malicious user to bypass the real-time scanning functionality. The issue is triggered when an unspecified error occurs when handling executable programs where the name has been manipulated. It is possible that the flaw may allow malware execution on the system.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, F-Secure Corporation has released a patch to address this vulnerability.

Products

F-Secure Corporation	Anti-Virus	2004
		2005
		2006
	Internet Security	2004
		2005
		2006
	Client Security	5
	Client Security	6
	Anti-Virus for Citrix Servers	5
	Anti-Virus for MIMEsweeper	5
	Anti-Virus for Windows Servers	5
	Anti-Virus for Workstations	5
	Service Platform for Service Providers	6

References

CVE ID: 2006-3489 (see also: NVD)
Secunia Advisory ID: 20858
SCIP VulDB ID: 2346
Related OSVDB ID: 26876
VUPEN Advisory: ADV-2006-2573
Vendor Specific Advisory URL: http://www.f-secure.com/security/fsc-2006-4.shtml

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/26875

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

F-Secure Corporation

Anti-Virus

Internet Security

Client Security

Anti-Virus for Citrix Servers

Anti-Virus for MIMEsweeper

Anti-Virus for Windows Servers

Anti-Virus for Workstations

Service Platform for Service Providers

References

Credit