Detections
Analytics

F-Secure ZIP/RAR Archive Handling Overflow Multiple RCE

high Nessus Plugin ID 20804

Synopsis

An antivirus application installed on the remote host is affected by multiple remote code execution vulnerabilities

Description

The version of F-Secure Anti-Virus installed on the remote Windows host is affected by multiple flaws in the way it handles ZIP and RAR archives. An attacker can exploit these, via specially crafted files, to bypass scanning or execute arbitrary code with SYSTEM privileges.

Solution

Enable auto-updates if using F-Secure Internet Security 2004-2006, F-Secure Anti-Virus 2004-2006, or F-Secure Personal Express version 6.20 or earlier. Alternatively, apply the appropriate hotfix as referenced in the vendor advisory.

See Also

http://www.zoller.lu/

http://www.nessus.org/u?3072c99e

Plugin Details

Severity: High

ID: 20804

File Name: fsecure_archive_overflows.nasl

Version: 1.21

Type: local

Agent: windows

Family: Windows

Published: 1/24/2006

Updated: 7/11/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:f-secure:f-secure_anti-virus

Required KB Items: SMB/name, SMB/login, SMB/password, SMB/registry_full_access, SMB/transport

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 1/19/2006

Reference Information

CVE: CVE-2006-0337, CVE-2006-0338

BID: 16309