CVE-2010-1425
https://notcve.org/view.php?id=CVE-2010-1425
F-Secure Internet Security 2010 and earlier; Anti-Virus for Microsoft Exchange 9 and earlier, and for MIMEsweeper 5.61 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, and for Linux 4.02 and earlier; Anti-Virus 2010 and earlier; Home Server Security 2009; Protection Service for Consumers 9 and earlier, for Business - Workstation security 9 and earlier, for Business - Server Security 8 and earlier, and for E-mail and Server security 9 and earlier; Mac Protection build 8060 and earlier; Client Security 9 and earlier; and various Anti-Virus products for Windows, Linux, and Citrix; does not properly detect malware in crafted (1) 7Z, (2) GZIP, (3) CAB, or (4) RAR archives, which makes it easier for remote attackers to avoid detection. F-Secure Internet Security 2010 y anteriores; Anti-Virus para Microsoft Exchange 9 y anteriores, y para MIMEsweeper v5.61 y anteriores; Internet Gatekeeper para Windows v6.61 y anteriores, y para Linux v4.02 y anteriores; Anti-Virus 2010 y anteriores; Home Server Security 2009; Protection Service para Consumers 9 y anteriores, para Business - Workstation security 9 y anteriores, para Business - Server Security 8 y anteriores, y para E-mail y Server security 9 y anteriores; Mac Protection build 8060 y anteriores; Client Security 9 y anteriores; y varios productos Anti-Virus para Windows, Linux, y Citrix no detectan adecuadamente malware en archivos (1) 7Z, (2) GZIP, (3) CAB, o (4) RAR manipulados, lo que facilita a atacantes evitar la detección. • http://secunia.com/advisories/39396 http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-1.html http://www.securitytracker.com/id?1023841 http://www.securitytracker.com/id?1023842 http://www.securitytracker.com/id?1023843 http://www.vupen.com/english/advisories/2010/0855 •
CVE-2008-6085
https://notcve.org/view.php?id=CVE-2008-6085
Integer overflow in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, when configured to scan inside compressed archives, allows remote attackers to execute arbitrary code via a crafted RPM compressed archive file, which triggers a buffer overflow. Desbordamiento de entero en múltiples productos antivirus de F-Secure, incluyendo Internet Security 2006 hasta 2008, Anti-Virus 2006 hasta 2008, y otros, cuando ha sido configurado para escanear ficheros comprimidos internamente, permite a atacantes remotos ejecutar código de su elección a través de un fichero comprimido RPM manipulado, lo que provocará un desbordamiento de búfer. • http://secunia.com/advisories/32352 http://www.f-secure.com/security/fsc-2008-3.shtml http://www.securityfocus.com/bid/31846 http://www.securitytracker.com/id?1021073 http://www.vupen.com/english/advisories/2008/2874 https://exchange.xforce.ibmcloud.com/vulnerabilities/46016 • CWE-189: Numeric Errors •
CVE-2008-1412
https://notcve.org/view.php?id=CVE-2008-1412
Unspecified vulnerability in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, allows remote attackers to execute arbitrary code or cause a denial of service (hang or crash) via a malformed archive that triggers an unhandled exception, as demonstrated by the PROTOS GENOME test suite for Archive Formats. Vulnerabilidad no especificada en multiples productos anti-virus de F-Secure, incluidos Internet Security 2006 hasta 2008, Anti-Virus 2006 hasta 2008 y otros, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (suspender o parar) utilizando un archivo defectuoso que provocará un excepción no manejada, como se ha demostrado por el paquete de pruebas PROTOS GENOME para formatos de archivo. • http://secunia.com/advisories/29397 http://support.f-secure.com/enu/corporate/downloads/hotfixes/av-cs-hotfixes.shtml http://support.f-secure.com/enu/corporate/downloads/hotfixes/av-mimesweeper-hotfixes.shtml http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive http://www.f-secure.com/security/fsc-2008-2.shtml http://www.securityfocus.com/bid/28282 http://www.securitytracker.com/id?1019618 http://www • CWE-20: Improper Input Validation •
CVE-2006-3489
https://notcve.org/view.php?id=CVE-2006-3489
F-Secure Anti-Virus 2003 through 2006 and other versions, Internet Security 2003 through 2006, and Service Platform for Service Providers 6.x and earlier allows remote attackers to bypass anti-virus scanning via a crafted filename. F-Secure Anti-Virus de 2003 a 2006 y otras versiones, Internet Security de 2003 a 2006 y Service Platform para Service Providers 6.x y anteriores permite a atacantes remotos evitar la búsqueda antivirus a través de un nombre de archivo manipulado. • http://secunia.com/advisories/20858 http://securitytracker.com/id?1016400 http://securitytracker.com/id?1016401 http://www.f-secure.com/security/fsc-2006-4.shtml http://www.osvdb.org/26875 http://www.securityfocus.com/bid/18693 http://www.vupen.com/english/advisories/2006/2573 https://exchange.xforce.ibmcloud.com/vulnerabilities/27498 •
CVE-2006-3490
https://notcve.org/view.php?id=CVE-2006-3490
F-Secure Anti-Virus 2003 through 2006 and other versions, Internet Security 2003 through 2006, and Service Platform for Service Providers 6.x and earlier does not scan files contained on removable media when "Scan network drives" is disabled, which allows remote attackers to bypass anti-virus controls. F-Secure Anti-Virus 2003 a 2006 y otras versiones, Internet Security 2003 a 2006 y Service Platform for Service Providers 6.x y anteriores no escanean archivos ubicados en medios extraíbles cuando la opción "Escanear Unidades de Red" está deshabilitada, lo cual permite a atacantes remotos evitar el control de los antivirus. • http://secunia.com/advisories/20858 http://securitytracker.com/id?1016400 http://securitytracker.com/id?1016401 http://www.f-secure.com/security/fsc-2006-4.shtml http://www.osvdb.org/26876 http://www.securityfocus.com/bid/18693 http://www.vupen.com/english/advisories/2006/2573 https://exchange.xforce.ibmcloud.com/vulnerabilities/27502 •