35 matches found
CVE-2004-0234
CVE-2004-0234: LHA 1.14 contains multiple stack-based buffer overflows in get_header() of header.c, allowing remote attackers or local users to execute arbitrary code via long directory/file names in an LHA archive. The issue affects LHA as used in products such as Barracuda Spam Firewall; overfl...
CVE-2012-1459
CVE-2012-1459 affects multiple antivirus products including ClamAV. The issue is a vulnerability in the TAR file parser where a TAR archive entry length field could correspond to the entire entry plus part of the header of the next entry, allowing remote attackers to bypass malware detection. The...
CVE-2004-0235
CVE-2004-0235 impacts LHa (LHA) 1.14.x releases. Multiple directory traversal vulnerabilities allow remote attackers or local users to create arbitrary files via an archive containing filenames with .. sequences or absolute paths (//absolute/path). The issue affects LHA 1.14 (and related variants...
CVE-2010-1425
Summary: CVE-2010-1425 affects F-Secure and related antivirus products, whose scanning engines fail to detect malware in specially crafted 7Z, GZIP, CAB, and RAR archives. The issue enables remote malware delivery by archive content evasion, impacting several F-Secure offerings (including Interne...
CVE-2012-1443
CVE-2012-1443 describes a bypass in the RAR file parser used by multiple antivirus products (e.g., ClamAV 0.96.4-related integrations and several vendors) where a RAR file starting with an MZ character sequence can be analyzed by user-assisted remote attackers to bypass malware detection. The evi...
CVE-2012-1461
The CVE-2012-1461 entry documents a vulnerability in the Gzip file parser used by multiple antivirus products (e.g., AVG, Bitdefender, Kaspersky, Symantec Endpoint Protection, Trend Micro, and others) that allows remote attackers to bypass malware detection by delivering a .tar.gz file containing...
CVE-2012-1431
CVE-2012-1431 covers a vulnerability in the ELF file parser used by multiple antivirus products (Bitdefender 7.2, Command Antivirus 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee Gateway/Webwasher 2010.1C, nProtect 2011-01-17.01, Sophos 4.61.0, Rising 22.83....
CVE-2012-1463
The CVE-2012-1463 entry describes a vulnerability in the ELF file parsers used by multiple antivirus products (e.g., AhnLab V3 Internet Security, Bitdefender, Quick Heal, Command Antivirus, Comodo, eSafe, F-Prot, F-Secure, McAfee, Norman, nProtect, Panda). The issue is a flaw in the ELF parser re...
CVE-2006-0338
The CVE-2006-0338 entry applies to multiple F-Secure Anti-Virus products on Windows and Linux (Windows Servers 5.52 and earlier; Internet Security 2004–2006; Linux Servers 4.64 and earlier). The vulnerability stems from how ZIP and RAR archives are handled, with malformed archives not being scann...
CVE-2012-1442
The CVE-2012-1442 entry concerns an ELF file parser flaw that affects multiple antivirus products (e.g., Quick Heal/Cat QuickHeal 11.00, McAfee AV/Engine 5.400.0.1158, McAfee Gateway 2010.1C, eSafe 7.0.17.0, Kaspersky 7.0.0.125, F-Secure 9.0.16160.0, Sophos 4.61.0, AVL SDK 2.0.3.7, Rising 22.83.0...
CVE-2008-1412
CVE-2008-1412 describes an unspecified vulnerability in multiple F-Secure antivirus products (notably Internet Security 2006–2008 and Anti-Virus 2006–2008) where a malformed archive triggers an unhandled exception, allowing a remote attacker to cause a crash or execute arbitrary code. The issue i...
CVE-2007-2966
CVE-2007-2966 describes a buffer overflow in the LHA decompression component of F-Secure antivirus products for Windows and Linux (pre-20070529). The flaw is triggered by a crafted LHA archive and is tied to an integer wrap issue, enabling remote attackers to potentially execute arbitrary code or...
CVE-2012-1429
The CVE-2012-1429 entry concerns an ELF file parser flaw affecting multiple antivirus products (Bitdefender 7.2, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, Ikarus T3 CLI, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway 201...
CVE-2008-6085
CVE-2008-6085 describes an integer overflow in multiple F-Secure products (e.g., Internet Security 2006–2008, Anti-Virus 2006–2008) when scanning inside compressed archives. A crafted RPM archive can trigger a buffer overflow, allowing a remote attacker to execute arbitrary code. The vulnerabilit...
CVE-2007-2967
The CVE-2007-2967 entry affects multiple F‑Secure antivirus products for Windows and Linux prior to 20070522. The vulnerability is a denial of service via crafted ARJ archives or FSG packed files that can cause a file-scanning infinite loop within the scanner component. Impact is a complete denia...
CVE-2008-0792
CVE-2008-0792 affects multiple F-Secure antivirus products (Internet Security 2006–2008, Anti-Virus 2006–2008, F-Secure Protection Service, and others). The vulnerability allows remote attackers to bypass malware detection by presenting a crafted CAB archive. The documents do not provide exploit ...
CVE-2008-0910
CVE-2008-0910 is connected to F-Secure antivirus products (Internet Security 2006–2008, Anti-Virus 2006–2008, F-Secure Protection Service, and related products). The related entries in CVE-2008-0792 describe a vulnerability where remote attackers can bypass malware detection by presenting a craft...
CVE-2005-0350
CVE-2005-0350 describes a heap-based buffer overflow in multiple F-Secure Anti-Virus and Internet Security products. The vulnerability allows a remote attacker to execute arbitrary code by sending a crafted ARJ archive. The CVSS metrics indicate a network-exposed, low-attack-complexity issue with...
CVE-2006-3489
CVE-2006-3489 affects F-Secure products: Anti-Virus 2003–2006, Internet Security 2003–2006, and Service Platform for Service Providers 6.x and earlier. The vulnerability allows remote attackers to bypass anti-virus scanning by using a crafted filename. The available sources confirm the affected p...
CVE-2007-2965
CVE-2007-2965 concerns the Real-time Scanning component across multiple F-Secure products (Internet Security 2005–2007, Anti-Virus 2005–2007, and related Protection Service for Consumers 6.40 and earlier). The root cause is improper validation in IOCTL/I/O space handling, allowing a crafted I/O r...
CVE-2004-2442
CVE-2004-2442 covers a multiple interpretation error in several F-Secure Anti-Virus products (including Workstation 5.43 and earlier, Windows Servers 5.50 and earlier, MIMEsweeper 5.50 and earlier, and Anti-Virus for Linux/Gateways 4.61 and earlier). The issue allows remote attackers to bypass an...
CVE-2004-2220
CVE-2004-2220 affects F-Secure Anti-Virus for Microsoft Exchange 6.30 and 6.31. The vulnerability is that the product does not reliably detect certain password-protected ZIP files, allowing remote attackers to bypass antivirus protection. Affected component: ZIP/password-protected archive scannin...
CVE-2007-5143
F-Secure Anti-Virus for Windows Servers 7.0 64-bit edition is affected by CVE-2007-5143. Local users can bypass virus scanning by placing a crafted (archive or packed executable) into the system32 directory. In many environments this does not cross privilege boundaries since a process that can wr...
CVE-2004-2405
CVE-2004-2405 describes a buffer overflow in multiple F-Secure Anti-Virus products, including F-Secure Anti-Virus 5.42 and earlier, triggered by a malformed LHA archive. Impact stated: remote attackers could bypass scanning or cause a denial of service (crash or module restart), depending on the ...
CVE-2005-3664
The CVE-2005-3664 entry describes a heap-based buffer overflow in the Kaspersky Anti-Virus Engine, used by Kaspersky Personal 5.0.227, Anti-Virus On-Demand Scanner for Linux 5.0.5, and F-Secure Anti-Virus for Linux 4.50, allowing remote code execution via a crafted CHM file. The provided referenc...
CVE-2007-1557
CVE-2007-1557 affects F-Secure Anti-Virus Client Security 6.02. The vulnerability is a format string issue in the Management Server name field on the Communication settings page, allowing local users to cause a denial of service and potentially gain privileges. Impact is described as local, with ...
CVE-2007-3300
CVE-2007-3300 affects multiple F-Secure anti-virus products for Windows and Linux prior to 20070619. The vulnerability allows remote attackers to bypass scanning by exploiting a crafted header in (1) LHA or (2) RAR archives. Root cause is a flaw in header handling that enables bypass of the antiv...
CVE-2005-3468
CVE-2005-3468 describes a directory traversal vulnerability in F-Secure Anti-Virus for Microsoft Exchange 6.40 and Internet Gatekeeper 6.40–6.42. The flaw lets limited remote attackers bypass Web Console authentication and read files, exposing partial confidentiality. The provided documents confi...
CVE-2006-0337
CVE-2006-0337 affects F-Secure Anti-Virus products for Windows and Linux (e.g., Windows Servers 5.52 and earlier; Internet Security 2004–2006; Linux Servers 4.64 and earlier). The vulnerability is a buffer overflow triggered by specially crafted ZIP archives, allowing remote code execution. Repor...
CVE-2006-3490
CVE-2006-3490 affects F-Secure Anti-Virus 2003–2006, Internet Security 2003–2006, and Service Platform for Service Providers 6.x and earlier. The issue is that the products do not scan files on removable media when the option “Scan network drives” is disabled, which can allow remote attackers to ...
CVE-2005-3546
The CVE-2005-3546 entry concerns F-Secure products: Internet Gatekeeper for Linux prior to 2.15.484 and Anti-Virus Linux Gateway prior to 2.16. The issue arises from SUID scripts (suid.cgi) being installed with world-executable permissions, enabling local users to gain privilege. The root cause i...
CVE-2006-2838
CVE-2006-2838 affects F-Secure products with a buffer overflow in the Web Console of multiple components, specifically F-Secure Anti-Virus for Microsoft Exchange 6.40 and Internet Gatekeeper 6.40–6.42, and 6.50. The vulnerability allows an unauthenticated, remote attacker to cause a denial of ser...
CVE-2004-1762
Technical details for CVE-2004-1762 are not publicly available in the provided documents; no affected products, versions, or fixes are specified here. Monitor for updates as more information may emerge.
CVE-2004-0830
The CVE-2004-0830 issue affects the Content Scanner Server in F-Secure Anti-Virus for Microsoft Exchange (versions 6.01/6.21 and earlier) and F-Secure Internet Gatekeeper 6.32 and earlier. It stems from an input validation/exception handling error when processing malformed packets sent to the Con...
CVE-2006-6409
CVE-2006-6409 affects F-Secure Anti-Virus for Linux Gateways 4.65. The vulnerability allows remote attackers to cause a denial of service (potentially fatal scan error) and possibly bypass virus detection by inserting invalid characters into base64-encoded content within a multipart/mixed MIME fi...