Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » F-Secure patches 23 flaws

F-Secure patches 23 flaws

by Nikola Strahija on January 22nd, 2006 Thierry Zoller, an independent security researcher, has found vulnerabilities in 23 editions of F-Secure Anti-Virus, Internet Gatekeeper, and Internet Security. The bugs affect how it parses .zip and .rar files.


Maliciously crafted .zip files can be used to create a buffer overflow and after that, hackers could load their own code onto the compromised machine, according to Zoller. A second flaw can be exploited with specially made .zip or .rar files to hide malicious code from the anti-virus scanning engine, giving users a false sense of security and attackers a way to sneak stuff past protection.

F-Secure said the flaws were critical, and issued patches on Thursday. -Our guidance is the same as for patches from any other vendor: Patch now before someone figures out how to exploit the vulnerability, F-Secure's director of anti-virus research, Mikko Hypponen, wrote on the company's Web site. -At the moment we are not aware of any attacks that would have used this vulnerability.'


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »