Description: A vulnerability has been reported in various F-Secure products, which can be exploited by malware to bypass the scanning functionality.
The vulnerability is caused due to an error in the handling of LHA and RAR files with malformed archive file headers. This can be exploited to bypass the anti-virus scanning functionality via a specially crafted LHA or RAR file.
The vulnerability is reported in the following products and versions:
F-Secure Anti-Virus for Workstations version 7.00 and earlier
F-Secure Anti-Virus for Windows Servers version 7.00 and earlier
F-Secure Anti-Virus for Citrix Servers version 5.52
F-Secure Anti-Virus for MIMEsweeper version 5.61 and earlier
F-Secure Client Security version 7.00 and earlier
F-Secure Anti-Virus for MS Exchange version 7.00 and earlier
F-Secure Internet Gatekeeper version 6.61 and earlier
F-Secure Internet Security 2005, 2006 and 2007
F-Secure Anti-Virus 2005, 2006 and 2007
Solutions based on F-Secure Protection Service for Consumers version 7.00 and earlier
F-Secure Anti-Virus for Linux Servers version 4.65 and earlier
F-Secure Anti-Virus for Linux Gateways version 4.65 and earlier
F-Secure Linux Client Security 5.52 and earlier
F-Secure Linux Server Security 5.52 and earlier
F-Secure Internet Gatekeeper for Linux 2.16 and earlier
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector.
Solution: Fixed automatically in database updates.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
