Vulnerability CVE-2008-1412


Published: 2008-03-20   Modified: 2012-02-12

Description:
Unspecified vulnerability in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, allows remote attackers to execute arbitrary code or cause a denial of service (hang or crash) via a malformed archive that triggers an unhandled exception, as demonstrated by the PROTOS GENOME test suite for Archive Formats.

Type:

CWE-noinfo

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
F-secure -> F-secure anti-virus 
F-secure -> F-secure anti-virus client security 
F-secure -> F-secure anti-virus for linux 
F-secure -> F-secure anti-virus for workstations 
F-secure -> F-secure anti-virus linux client security 
F-secure -> F-secure client security 
F-secure -> F-secure internet security 
F-secure -> F-secure mobile antivirus for s60 
F-secure -> F-secure mobile antivirus for windows mobile 
F-secure -> F-secure mobile security for series 80 
F-secure -> F-secure protection service for business 
F-secure -> F-secure protection service for consumers 

 References:
http://www.f-secure.com/security/fsc-2008-2.shtml
http://www.vupen.com/english/advisories/2008/0903/references
http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
http://secunia.com/advisories/29397
http://xforce.iss.net/xforce/xfdb/41234
http://www.securitytracker.com/id?1019620
http://www.securitytracker.com/id?1019619
http://www.securitytracker.com/id?1019618
http://www.securityfocus.com/bid/28282
http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/
http://support.f-secure.com/enu/corporate/downloads/hotfixes/av-mimesweeper-hotfixes.shtml
http://support.f-secure.com/enu/corporate/downloads/hotfixes/av-cs-hotfixes.shtml

Copyright 2022, cxsecurity.com

 

Back to Top