Description: A vulnerability has been reported in various F-Secure products, which can be exploited by malware to bypass the scanning functionality.
The vulnerability is caused due to an error in the handling of CAB and RAR files and can be exploited to bypass the anti-virus scanning functionality via a specially crafted CAB or RAR file.
The vulnerability affect the following products:
* F-Secure Internet Security 2008
* F-Secure Internet Security 2007 Second Edition
* F-Secure Internet Security 2007
* F-Secure Internet Security 2006
* F-Secure Anti-Virus 2008
* F-Secure Anti-Virus 2007, v.7.02
* F-Secure Anti-Virus 2007
* F-Secure Anti-Virus 2006
* F-Secure Anti-Virus Client Security 7.10
* F-Secure Anti-Virus Client Security 7.01
* F-Secure Anti-Virus Client Security 6.03
* F-Secure Anti-Virus Client Security 6.02
* F-Secure Anti-Virus for Workstations 7.10
* F-Secure Anti-Virus for Workstations 7.00
* F-Secure Anti-Virus for Workstations 5.44
* F-Secure Anti-Virus Linux Client Security 5.53
* F-Secure Anti-Virus Linux Client Security 5.52
* F-Secure Anti-Virus for Linux 4.65
* Solutions based on F-Secure Protection Service for Consumers version 7.00 and earlier
* Solutions based on F-Secure Protection Service for Business version 3.00 and earlier
* F-Secure Anti-Virus for Windows Servers 7.00
* F-Secure Anti-Virus for Windows Servers 5.52
* F-Secure Anti-Virus for Citrix Servers 5.52
* F-Secure Anti-Virus Linux Server Security 5.53
* F-Secure Anti-Virus Linux Server Security 5.52
* F-Secure Anti-Virus for Microsoft Exchange 7.0
* F-Secure Anti-Virus for Microsoft Exchange 6.62
* F-Secure Internet Gatekeeper 6.61, Windows
* F-Secure Internet Gatekeeper for Linux 2.16
* F-Secure Anti-Virus for MIMEsweeper 5.61
* F-Secure Messaging Security Gateway 4.0.7 and earlier
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector.
Solution: Apply patches. Please see the vendor's advisory for details.
Provided and/or discovered by: The vendor credits Thierry Zoller of n.runs AG.
Changelog: 2008-02-19: Added CVE reference.
2008-02-26: Added CVE reference.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
