F-Secure products are vulnerable, warns F-Secure

Summary:The Finnish antivirus company has issued a security advisory for a critical vulnerability in its own products

Security company F-Secure on Thursday warned businesses of a critical vulnerability in its antivirus products.

In a security bulletin, F-Secure said that an attacker could execute the code of his choice on affected systems by using specially crafted ZIP files to circumvent F-Secure antivirus products and cause a buffer overflow. The flaw affects F-Secure products for both for Windows and Linux systems.

A buffer overflow occurs when a program tries to store too much data in a temporary data storage area, and is a common type of programming flaw that can be exploited.

F-Secure also found that hackers could create RAR and ZIP archives containing malware that cannot be scanned by its products, allowing the files to slip through a company's security defences.

F-Secure said it is not aware of any malware that exploits this vulnerability and has not yet seen any attacks, but recommends that businesses "patch now" to avoid attack.

Businesses using older F-Secure products are more at risk, especially those running Linux server and gateway products. Patches will not be distributed automatically for these products, so users must download them from the F-Secure site. For newer products such as F-Secure Internet Security 2004 — 2006, a patch was distributed automatically on Thursday afternoon.

For a full list of the products affected click here.

The vulnerability was found by security researcher Thierry Zoller, who disclosed the information to F-Secure.

Topics: Security

About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues.Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books.Tom eventually found tha... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.