18 matches found
CVE-2004-0234
CVE-2004-0234: LHA 1.14 contains multiple stack-based buffer overflows in get_header() of header.c, allowing remote attackers or local users to execute arbitrary code via long directory/file names in an LHA archive. The issue affects LHA as used in products such as Barracuda Spam Firewall; overfl...
CVE-2004-0235
CVE-2004-0235 impacts LHa (LHA) 1.14.x releases. Multiple directory traversal vulnerabilities allow remote attackers or local users to create arbitrary files via an archive containing filenames with .. sequences or absolute paths (//absolute/path). The issue affects LHA 1.14 (and related variants...
CVE-2010-1425
Summary: CVE-2010-1425 affects F-Secure and related antivirus products, whose scanning engines fail to detect malware in specially crafted 7Z, GZIP, CAB, and RAR archives. The issue enables remote malware delivery by archive content evasion, impacting several F-Secure offerings (including Interne...
CVE-2006-0338
The CVE-2006-0338 entry applies to multiple F-Secure Anti-Virus products on Windows and Linux (Windows Servers 5.52 and earlier; Internet Security 2004–2006; Linux Servers 4.64 and earlier). The vulnerability stems from how ZIP and RAR archives are handled, with malformed archives not being scann...
CVE-2008-1412
CVE-2008-1412 describes an unspecified vulnerability in multiple F-Secure antivirus products (notably Internet Security 2006–2008 and Anti-Virus 2006–2008) where a malformed archive triggers an unhandled exception, allowing a remote attacker to cause a crash or execute arbitrary code. The issue i...
CVE-2007-2966
CVE-2007-2966 describes a buffer overflow in the LHA decompression component of F-Secure antivirus products for Windows and Linux (pre-20070529). The flaw is triggered by a crafted LHA archive and is tied to an integer wrap issue, enabling remote attackers to potentially execute arbitrary code or...
CVE-2007-2967
The CVE-2007-2967 entry affects multiple F‑Secure antivirus products for Windows and Linux prior to 20070522. The vulnerability is a denial of service via crafted ARJ archives or FSG packed files that can cause a file-scanning infinite loop within the scanner component. Impact is a complete denia...
CVE-2008-0792
CVE-2008-0792 affects multiple F-Secure antivirus products (Internet Security 2006–2008, Anti-Virus 2006–2008, F-Secure Protection Service, and others). The vulnerability allows remote attackers to bypass malware detection by presenting a crafted CAB archive. The documents do not provide exploit ...
CVE-2008-6085
CVE-2008-6085 describes an integer overflow in multiple F-Secure products (e.g., Internet Security 2006–2008, Anti-Virus 2006–2008) when scanning inside compressed archives. A crafted RPM archive can trigger a buffer overflow, allowing a remote attacker to execute arbitrary code. The vulnerabilit...
CVE-2005-0350
CVE-2005-0350 describes a heap-based buffer overflow in multiple F-Secure Anti-Virus and Internet Security products. The vulnerability allows a remote attacker to execute arbitrary code by sending a crafted ARJ archive. The CVSS metrics indicate a network-exposed, low-attack-complexity issue with...
CVE-2007-2965
CVE-2007-2965 concerns the Real-time Scanning component across multiple F-Secure products (Internet Security 2005–2007, Anti-Virus 2005–2007, and related Protection Service for Consumers 6.40 and earlier). The root cause is improper validation in IOCTL/I/O space handling, allowing a crafted I/O r...
CVE-2008-0910
CVE-2008-0910 is connected to F-Secure antivirus products (Internet Security 2006–2008, Anti-Virus 2006–2008, F-Secure Protection Service, and related products). The related entries in CVE-2008-0792 describe a vulnerability where remote attackers can bypass malware detection by presenting a craft...
CVE-2006-3489
CVE-2006-3489 affects F-Secure products: Anti-Virus 2003–2006, Internet Security 2003–2006, and Service Platform for Service Providers 6.x and earlier. The vulnerability allows remote attackers to bypass anti-virus scanning by using a crafted filename. The available sources confirm the affected p...
CVE-2004-2442
CVE-2004-2442 covers a multiple interpretation error in several F-Secure Anti-Virus products (including Workstation 5.43 and earlier, Windows Servers 5.50 and earlier, MIMEsweeper 5.50 and earlier, and Anti-Virus for Linux/Gateways 4.61 and earlier). The issue allows remote attackers to bypass an...
CVE-2004-2405
CVE-2004-2405 describes a buffer overflow in multiple F-Secure Anti-Virus products, including F-Secure Anti-Virus 5.42 and earlier, triggered by a malformed LHA archive. Impact stated: remote attackers could bypass scanning or cause a denial of service (crash or module restart), depending on the ...
CVE-2006-0337
CVE-2006-0337 affects F-Secure Anti-Virus products for Windows and Linux (e.g., Windows Servers 5.52 and earlier; Internet Security 2004–2006; Linux Servers 4.64 and earlier). The vulnerability is a buffer overflow triggered by specially crafted ZIP archives, allowing remote code execution. Repor...
CVE-2006-3490
CVE-2006-3490 affects F-Secure Anti-Virus 2003–2006, Internet Security 2003–2006, and Service Platform for Service Providers 6.x and earlier. The issue is that the products do not scan files on removable media when the option “Scan network drives” is disabled, which can allow remote attackers to ...
CVE-2007-3300
CVE-2007-3300 affects multiple F-Secure anti-virus products for Windows and Linux prior to 20070619. The vulnerability allows remote attackers to bypass scanning by exploiting a crafted header in (1) LHA or (2) RAR archives. Root cause is a flaw in header handling that enables bypass of the antiv...