F-Secure have released security advisory FSC-2006-1.
Brief description Specially crafted ZIP archives may be used to execute code on affected systems. Both RAR- and ZIP-archives can in addition be crafted to avoid successful scanning and obfuscate malicious code in the archive.
Software F-Secure’s Anti-Virus products for Microsoft Windows and Linux
Affected versions F-Secure Anti-Virus for Workstation version 5.44 and earlier
F-Secure Anti-Virus for Windows Servers version 5.52 and earlier
F-Secure Anti-Virus for Citrix Servers version 5.52
F-Secure Anti-Virus for MIMEsweeper version 5.61 and earlier
F-Secure Anti-Virus Client Security version 6.01 and earlier
F-Secure Anti-Virus for MS Exchange version 6.40 and earlier
F-Secure Internet Gatekeeper version 6.42 and earlier
F-Secure Anti-Virus for Firewalls version 6.20 and earlier
F-Secure Internet Security 2004, 2005 and 2006
F-Secure Anti-Virus 2004, 2005 and 2006
Solutions based on F-Secure Personal Express version 6.20 and earlier
F-Secure Anti-Virus for Linux Workstations version 4.52 and earlier
F-Secure Anti-Virus for Linux Servers version 4.64 and earlier
F-Secure Anti-Virus for Linux Gateways version 4.64 and earlier
F-Secure Anti-Virus for Samba Servers version 4.62
F-Secure Anti-Virus Linux Client Security 5.11 and earlier
F-Secure Anti-Virus Linux Server Security 5.11 and earlier
F-Secure Internet Gatekeeper for Linux 2.14 and earlier
This advisory describes a vulnerability that affects several F-Secure Anti-virus products for Windows and Linux. We hope that all system administrators that use our products read the advisory and apply the necessary upgrades or hotfixes.
Our guidance here is the same as for patches from any other vendor: Patch now before someone figures out how to exploit the vulnerability. At the moment we are not aware of any attacks that would have used this vulnerability.
