F-Secure patches hole in its antivirus software
February 14, 2005
Antivirus company F-Secure has patched a serious vulnerability in its antivirus product that might allow an affected computer to be compromised by a maliciously constructed ARJ archive file.
The security hole in the antivirus library affects 18 products for desktops, servers and gateways, with the network products at "critical" risk, F-Secure said in its Thursday bulletin. By manipulating the way a scanning module processes a specially crafted ARJ file, an intruder can use a buffer overflow to run arbitrary code on an unpatched machine, said Tony Magellanez, a systems engineer at F-Secure.
This is the second warning in the last week from a large antivirus company about its products' inept handling of archived files, and in both cases the flaw was initially discovered by Internet Security Systems (ISS).
"At this point, it's a theoretical exploit," Magellanez said, referring to the fact that there seems to be no exploit, a program that takes advantage of a previously discovered vulnerability, in the wild. "ISS gave us details of how it could be done, and we created a patch."
"We urge all affected users to apply the patch, before some clown virus-writer tries to exploit it," said Mikko Hypponen, director of anti-virus research at F-Secure. "This hole is related to a bug in our routine that unpacks ARJ archive files. The bug would allow an attacker to execute code when his ARJ file is scanned."
The vulnerability could enable intruders to spy on confidential company information, ISS said in its advisory. It noted that several large vendors and Internet security providers use the antivirus library in their products.