CVE-2010-1425
https://notcve.org/view.php?id=CVE-2010-1425
F-Secure Internet Security 2010 and earlier; Anti-Virus for Microsoft Exchange 9 and earlier, and for MIMEsweeper 5.61 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, and for Linux 4.02 and earlier; Anti-Virus 2010 and earlier; Home Server Security 2009; Protection Service for Consumers 9 and earlier, for Business - Workstation security 9 and earlier, for Business - Server Security 8 and earlier, and for E-mail and Server security 9 and earlier; Mac Protection build 8060 and earlier; Client Security 9 and earlier; and various Anti-Virus products for Windows, Linux, and Citrix; does not properly detect malware in crafted (1) 7Z, (2) GZIP, (3) CAB, or (4) RAR archives, which makes it easier for remote attackers to avoid detection. F-Secure Internet Security 2010 y anteriores; Anti-Virus para Microsoft Exchange 9 y anteriores, y para MIMEsweeper v5.61 y anteriores; Internet Gatekeeper para Windows v6.61 y anteriores, y para Linux v4.02 y anteriores; Anti-Virus 2010 y anteriores; Home Server Security 2009; Protection Service para Consumers 9 y anteriores, para Business - Workstation security 9 y anteriores, para Business - Server Security 8 y anteriores, y para E-mail y Server security 9 y anteriores; Mac Protection build 8060 y anteriores; Client Security 9 y anteriores; y varios productos Anti-Virus para Windows, Linux, y Citrix no detectan adecuadamente malware en archivos (1) 7Z, (2) GZIP, (3) CAB, o (4) RAR manipulados, lo que facilita a atacantes evitar la detección. • http://secunia.com/advisories/39396 http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-1.html http://www.securitytracker.com/id?1023841 http://www.securitytracker.com/id?1023842 http://www.securitytracker.com/id?1023843 http://www.vupen.com/english/advisories/2010/0855 •
CVE-2008-6085
https://notcve.org/view.php?id=CVE-2008-6085
Integer overflow in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, when configured to scan inside compressed archives, allows remote attackers to execute arbitrary code via a crafted RPM compressed archive file, which triggers a buffer overflow. Desbordamiento de entero en múltiples productos antivirus de F-Secure, incluyendo Internet Security 2006 hasta 2008, Anti-Virus 2006 hasta 2008, y otros, cuando ha sido configurado para escanear ficheros comprimidos internamente, permite a atacantes remotos ejecutar código de su elección a través de un fichero comprimido RPM manipulado, lo que provocará un desbordamiento de búfer. • http://secunia.com/advisories/32352 http://www.f-secure.com/security/fsc-2008-3.shtml http://www.securityfocus.com/bid/31846 http://www.securitytracker.com/id?1021073 http://www.vupen.com/english/advisories/2008/2874 https://exchange.xforce.ibmcloud.com/vulnerabilities/46016 • CWE-189: Numeric Errors •
CVE-2008-1412
https://notcve.org/view.php?id=CVE-2008-1412
Unspecified vulnerability in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, allows remote attackers to execute arbitrary code or cause a denial of service (hang or crash) via a malformed archive that triggers an unhandled exception, as demonstrated by the PROTOS GENOME test suite for Archive Formats. Vulnerabilidad no especificada en multiples productos anti-virus de F-Secure, incluidos Internet Security 2006 hasta 2008, Anti-Virus 2006 hasta 2008 y otros, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (suspender o parar) utilizando un archivo defectuoso que provocará un excepción no manejada, como se ha demostrado por el paquete de pruebas PROTOS GENOME para formatos de archivo. • http://secunia.com/advisories/29397 http://support.f-secure.com/enu/corporate/downloads/hotfixes/av-cs-hotfixes.shtml http://support.f-secure.com/enu/corporate/downloads/hotfixes/av-mimesweeper-hotfixes.shtml http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive http://www.f-secure.com/security/fsc-2008-2.shtml http://www.securityfocus.com/bid/28282 http://www.securitytracker.com/id?1019618 http://www • CWE-20: Improper Input Validation •
CVE-2008-0910
https://notcve.org/view.php?id=CVE-2008-0910
Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted RAR archive. NOTE: this might be related to CVE-2008-0792. Múltiples productos antivirus de F-Secure, incluyendo Internet Security de 2006 a 2008, Anti-Virus de 2006 a 2008, F-Secure Protection Service y otros, permiten a atacantes remotos evitar las detecciones del malware a través de un archivo RAR manipulado. NOTA: podría estar relacionado con CVE-2008-0792. • http://secunia.com/advisories/28919 http://www.f-secure.com/security/fsc-2008-1.shtml http://www.securitytracker.com/id?1019405 http://www.securitytracker.com/id?1019412 http://www.securitytracker.com/id?1019413 http://www.vupen.com/english/advisories/2008/0544/references https://exchange.xforce.ibmcloud.com/vulnerabilities/40480 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-0792
https://notcve.org/view.php?id=CVE-2008-0792
Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted CAB archive. Múltiples productos antivirus F-Secure, incluyendo Internet Security 2006 hasta 2008, Anti-Virus 2006 hasta 2008, F-Secure Protection Service y otros, permiten a los atacantes remotos omitir la detección de malware por medio de un archivo CAB diseñado. • http://secunia.com/advisories/28919 http://www.f-secure.com/security/fsc-2008-1.shtml http://www.securitytracker.com/id?1019405 http://www.securitytracker.com/id?1019412 http://www.securitytracker.com/id?1019413 http://www.vupen.com/english/advisories/2008/0544/references https://exchange.xforce.ibmcloud.com/vulnerabilities/40480 • CWE-264: Permissions, Privileges, and Access Controls •