Vulnerability CVE-2010-1425


Published: 2010-04-15   Modified: 2012-02-13

Description:
F-Secure Internet Security 2010 and earlier; Anti-Virus for Microsoft Exchange 9 and earlier, and for MIMEsweeper 5.61 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, and for Linux 4.02 and earlier; Anti-Virus 2010 and earlier; Home Server Security 2009; Protection Service for Consumers 9 and earlier, for Business - Workstation security 9 and earlier, for Business - Server Security 8 and earlier, and for E-mail and Server security 9 and earlier; Mac Protection build 8060 and earlier; Client Security 9 and earlier; and various Anti-Virus products for Windows, Linux, and Citrix; does not properly detect malware in crafted (1) 7Z, (2) GZIP, (3) CAB, or (4) RAR archives, which makes it easier for remote attackers to avoid detection.

Type:

CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
F-secure -> Anti-virus 
F-secure -> F-secure anti-virus 
F-secure -> F-secure anti-virus client security 
F-secure -> F-secure anti-virus for citrix servers 
F-secure -> F-secure anti-virus for linux 
F-secure -> F-secure anti-virus for microsoft exchange 
F-secure -> F-secure anti-virus for mimesweeper 
F-secure -> F-secure anti-virus for windows servers 
F-secure -> F-secure anti-virus for workstations 
F-secure -> F-secure anti-virus linux client security 
F-secure -> F-secure anti-virus linux server security 
F-secure -> F-secure internet security 
F-secure -> Home server security 
F-secure -> Internet gatekeeper 

 References:
http://www.vupen.com/english/advisories/2010/0855
http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-1.html
http://www.securitytracker.com/id?1023843
http://www.securitytracker.com/id?1023842
http://www.securitytracker.com/id?1023841
http://secunia.com/advisories/39396

Copyright 2022, cxsecurity.com

 

Back to Top