Secunia

A vulnerability has been reported in various F-Secure products, which can be exploited by malware to bypass certain scanning functionality.

The vulnerability is caused due to an error when parsing ".zip" archives and can be exploited via a specially crafted ".zip" archive, which the scanner incorrectly calculates be of zero length.

Successful exploitation causes malware in a specially crafted ".zip" archive to bypass the scanning functionality.

NOTE: This is not a critical issue on client systems, as the malware still is detected when it is extracted.

The vulnerability affects the following products:
* F-Secure Internet Security 2004 and 2005
* F-Secure Anti-Virus 2004 and 2005
* F-Secure Anti-Virus for Workstation version 5.43 and earlier
* F-Secure Anti-Virus for Windows Servers version 5.50 and earlier
* F-Secure Anti-Virus for Linux Workstations version 4.52 and earlier
* F-Secure Anti-Virus for Linux Servers version 4.61 and earlier
* F-Secure Anti-Virus for Samba Servers version 4.60
* F-Secure Anti-Virus Linux Client Security 5.00
* F-Secure Anti-Virus for MIMEsweeper version 5.50 and earlier
* F-Secure Anti-Virus Client Security version 5.55 and earlier
* F-Secure Internet Gatekeeper version 6.41 and earlier
* F-Secure Anti-Virus for Firewalls version 6.20 and earlier
* F-Secure Anti-Virus for MS Exchange version 6.31 and earlier
* F-Secure Anti-Virus for MS Exchange version 6.01 and earlier
* F-Secure Anti-Virus for Linux Gateways version 4.61 and earlier
* F-Secure Internet Gatekeeper for Linux 2.06 and earlier
* F-Secure Anti-Virus Linux Server Security 5.00
* Solutions based on F-Secure Personal Express version 5.00 and earlier

Solution
See patch matrix in original advisory.

Provided and/or discovered by
Reported by vendor.

Changelog
Further details available in Customer Area

Original Advisory
http://www.f-secure.com/security/fsc-2004-3.shtml

Deep Links
Links available in Customer Area