The buffer overflow vulnerability lies in the processing of LHA archives and may allow an attacker to execute arbitrary code or create a denial-of-service condition. This flaw is related to a similar problem discovered last fall involving the way the Gzip decompression utility handles LZH-compressed archives, F-Secure officials said in an advisory.
"An attacker may create a specially crafted LHA archive, which then in its decompression phase exploits the described buffer overflow vulnerability, allowing arbitrary code to be executed or the exploit to create a denial-of-service condition," said officials at the Helsinki, Finland-based company.
The bug affects F-Secure's Anti-Virus, Internet Gatekeeper and Internet Security product suites.
Two other vulnerabilities were patched Wednesday as well. One is an IOCTL (Input/Output Control) vulnerability in the Real-time Scanning component of F-Secure workstation and file server products for Windows. An attacker with local access to the system can escalate their privileges to the system with a specially crafted IRP (I/O request packet) due to improper access validation of the address space used by Real-time Scanning, company officials said.
The final flaw patched Wednesday is a bug in F-Secure's Policy Manager Server that could be used by attackers to launch a denial-of-service attack. A DoS condition can be triggered by using NTFS-reserved words as URL filenames, company officials warned. France-based security research organization FrSIRT rates this particular flaw, which is remotely exploitable, as low risk.
www.eweek.com
No comments:
Post a Comment