Not open for further replies.


F-Secure has patched a remote code execution vulnerability that affected several of its security products and exposed users to drive-by download attacks.

The buffer overflow vulnerability was discovered by security consultant Anil Aphale, aka 41.w4r10r, and is located in the F-Secure Gadget Resource Handler ActiveX Control (fsresh.dll).

According to vulnerability management vendor Secunia, which rates this vulnerability as highly critical, the flaw is caused by a boundary error in the handling of the "initialize()" method.

The vulnerability can be exploited by tricking victims into visiting a specially-crafted web page using Internet Explorer.

F-Secure Anti-Virus 2010 and 2011, F-Secure Internet Security 2010 and 2011, as well as products based on F-Secure Protection Service for Consumers version 9 and F-Secure Protection Service for Business - Workstation security version 9 are affected by this flaw.

F-Secure Security Advisory

Secunia Link