CVSS: 9.3EPSS: 3%CPEs: 58EXPL: 0CVE-2007-3300
https://notcve.org/view.php?id=CVE-2007-3300
Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070619 allow remote attackers to bypass scanning via a crafted header in a (1) LHA or (2) RAR archive. Múltiples productos antivirus de F-Secure para Microsoft Windows y Linux anterior al 19/06/2007 permiten a atacantes remotos evitar el escaneo mediante una cabecera artesanal en un archivo (1) LHA o (2) RAR. • http://osvdb.org/36728 http://osvdb.org/36729 http://secunia.com/advisories/25738 http://www.f-secure.com/security/fsc-2007-5.shtml http://www.securityfocus.com/bid/24525 http://www.securitytracker.com/id?1018266 http://www.securitytracker.com/id?1018267 http://www.securitytracker.com/id?1018268 http://www.vupen.com/english/advisories/2007/2247 https://exchange.xforce.ibmcloud.com/vulnerabilities/34942 •
CVSS: 7.2EPSS: 0%CPEs: 19EXPL: 0CVE-2007-2965
https://notcve.org/view.php?id=CVE-2007-2965
Unspecified vulnerability in the Real-time Scanning component in multiple F-Secure products, including Internet Security 2005, 2006 and 2007; Anti-Virus 2005, 2006 and 2007; and Solutions based on F-Secure Protection Service for Consumers 6.40 and earlier allows local users to gain privileges via a crafted I/O request packet (IRP), related to IOCTL (Input/Output Control) and "access validation of the address space." Vulnerabilidad sin especificar en el componente Real-time Scanning en múltiples productos de F-Secure, incluyendo Internet Security 2005, 2006 y2007; Anti-Virus 2005, 2006 y 2007 y Solutions basadas en F-Secure Protection Service for Consumers 6.40 y versiones anteriores permite a usuarios locales obtener privilegios a través de paquetes de petición I/O (IRP) manipulados, relacionado con el IOCTL (Control de Entrada/Salida) y "Validación del acceso al espacio de direcciones". • http://osvdb.org/36727 http://secunia.com/advisories/25439 http://www.f-secure.com/security/fsc-2007-2.shtml http://www.securitytracker.com/id?1018146 http://www.securitytracker.com/id?1018148 http://www.vupen.com/english/advisories/2007/1985 https://exchange.xforce.ibmcloud.com/vulnerabilities/34579 •
CVSS: 7.5EPSS: 16%CPEs: 19EXPL: 0CVE-2007-2966
https://notcve.org/view.php?id=CVE-2007-2966
Buffer overflow in the LHA decompression component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335. Un desbordamiento de búfer en el componente de descompresión LHA en productos antivirus de F-Secure para Microsoft Windows y Linux anterior a versión 20070529, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de la aplicación) por medio de un archivo LHA ??creado, relacionado con un ajuste de entero, un problema similar a CVE-2006-4335. • http://osvdb.org/36724 http://secunia.com/advisories/25426 http://securitytracker.com/id?1018147 http://www.f-secure.com/security/fsc-2007-1.shtml http://www.nruns.com/security_advisory_fsecure_lzh.php http://www.securityfocus.com/archive/1/470256/100/0/threaded http://www.securityfocus.com/bid/24235 http://www.securitytracker.com/id?1018146 http://www.securitytracker.com/id?1018148 http://www.vupen.com/english/advisories/2007/1985 https://exchange.xforce.ibmcloud.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 4%CPEs: 19EXPL: 0CVE-2007-2967
https://notcve.org/view.php?id=CVE-2007-2967
Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files. Varios productos antivirus de F-Secure para Microsoft Windows y Linux anterior a versión 20070522, permiten a los atacantes remotos causar una denegación de servicio (bucle infinito de escaneo de archivos) por medio de ciertos archivos ARJ (1) o (2) archivos empaquetados FSG. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063714.html http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063715.html http://osvdb.org/36725 http://osvdb.org/36726 http://secunia.com/advisories/25440 http://securitytracker.com/id?1018147 http://www.f-secure.com/security/fsc-2007-3.shtml http://www.nruns.com/security_advisory_fsecure_arj.php http://www.nruns.com/security_advisory_fsecure_fsg.php http://www.securityfocus.com/archive/1/470462/ • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 4%CPEs: 16EXPL: 0CVE-2006-3490
https://notcve.org/view.php?id=CVE-2006-3490
F-Secure Anti-Virus 2003 through 2006 and other versions, Internet Security 2003 through 2006, and Service Platform for Service Providers 6.x and earlier does not scan files contained on removable media when "Scan network drives" is disabled, which allows remote attackers to bypass anti-virus controls. F-Secure Anti-Virus 2003 a 2006 y otras versiones, Internet Security 2003 a 2006 y Service Platform for Service Providers 6.x y anteriores no escanean archivos ubicados en medios extraíbles cuando la opción "Escanear Unidades de Red" está deshabilitada, lo cual permite a atacantes remotos evitar el control de los antivirus. • http://secunia.com/advisories/20858 http://securitytracker.com/id?1016400 http://securitytracker.com/id?1016401 http://www.f-secure.com/security/fsc-2006-4.shtml http://www.osvdb.org/26876 http://www.securityfocus.com/bid/18693 http://www.vupen.com/english/advisories/2006/2573 https://exchange.xforce.ibmcloud.com/vulnerabilities/27502 •