ISS X-Force has reported a vulnerability in multiple F-Secure products, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error in the antivirus scanning functionality when processing ARJ archives. This can be exploited to cause a buffer overflow via a specially crafted ARJ archive.

Successful exploitation allows execution of arbitrary code, but requires that the malicious ARJ archive is scanned with archive scanning enabled.

The following products are affected:
* F-Secure Anti-Virus for Workstation version 5.43 and earlier
* F-Secure Anti-Virus for Windows Servers version 5.50 and earlier
* F-Secure Anti-Virus for Citrix Servers version 5.50
* F-Secure Anti-Virus for MIMEsweeper version 5.51 and earlier
* F-Secure Anti-Virus Client Security version 5.55 and earlier
* F-Secure Anti-Virus for MS Exchange version 6.31 and earlier
* F-Secure Internet Gatekeeper version 6.41 and earlier
* F-Secure Anti-Virus for Firewalls version 6.20 and earlier
* F-Secure Internet Security 2004 and 2005
* F-Secure Anti-Virus 2004 and 2005
* Solutions based on F-Secure Personal Express version 5.10 and earlier
* F-Secure Anti-Virus for Linux Workstations version 4.52 and earlier
* F-Secure Anti-Virus for Linux Servers version 4.61 and earlier
* F-Secure Anti-Virus for Linux Gateways version 4.61 and earlier
* F-Secure Anti-Virus for Samba Servers version 4.60
* F-Secure Anti-Virus Linux Client Security 5.01 and earlier
* F-Secure Anti-Virus Linux Server Security 5.01 and earlier
* F-Secure Internet Gatekeeper for Linux 2.06

Solution
Apply patches (see vendor advisory for details).

Provided and/or discovered by
Alex Wheeler, ISS X-Force.

Changelog
Further details available in Customer Area

Original Advisory
F-Secure:
http://www.f-secure.com/security/fsc-2005-1.shtml

ISS:
http://xforce.iss.net/xforce/alerts/id/188

Deep Links
Links available in Customer Area