Remote Code Execution Vulnerability Patched in F-Secure Antivirus

Status
Not open for further replies.

jamescv7

Level 85
Thread author
Verified
Honorary Member
Mar 15, 2011
13,070
F-Secure has patched a remote code execution vulnerability that affected several of its security products and exposed users to drive-by download attacks.

The buffer overflow vulnerability was discovered by security consultant Anil Aphale, aka 41.w4r10r, and is located in the F-Secure Gadget Resource Handler ActiveX Control (fsresh.dll).

According to vulnerability management vendor Secunia, which rates this vulnerability as highly critical, the flaw is caused by a boundary error in the handling of the "initialize()" method.

The vulnerability can be exploited by tricking victims into visiting a specially-crafted web page using Internet Explorer.

F-Secure Anti-Virus 2010 and 2011, F-Secure Internet Security 2010 and 2011, as well as products based on F-Secure Protection Service for Consumers version 9 and F-Secure Protection Service for Business - Workstation security version 9 are affected by this flaw.

Read More

F-secure Security Advisory

Secunia Link
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top