F-Secure issues patch for critical flaws

Flaws in the way F-Secure software handles ZIP and RAR data compression archives could allow an attacker to execute remote code on users' systems and also to bypass F-Secure's antivirus-scanning capabilities.

Vulnerabilities were found in 19 versions of F-Secure's antivirus products for Microsoft Windows, as well as in its products for Linux, according to F-Secure's advisory.

F-Secure was originally advised of the scanning vulnerability by independent researcher Thierry Zoller, said Mikko Hypponen, F-Secure's chief research officer. In researching the bug, he said, "we found that the vulnerabilities were much more serious. We found it was not just the scanning that could be bypassed but also (that) a malicious attacker could execute code."

Attackers could create a modified ZIP archive that could lead to a buffer overflow, allowing for the execution of code that could take over a user's system. The flaws could also allow attackers to create malformed RAR and ZIP archives that couldn't be properly scanned for malicious software.

The affected software includes F-Secure's Anti-Virus for Windows Servers versions 5.52 and earlier, Anti-Virus for MS Exchange versions 6.40 and earlier, and Anti-Virus for Linux Workstations versions 4.52 and earlier, as well as 16 other versions of the software.

"We learned of the scanning bug in early December, but because it affected a wide range of our products, we wanted to release a fix for all (of the affected versions) at once," Hypponen said.

F-Secure's "critical" security update is its first in 2006. Last February, the company issued updates for flaws found in its antivirus library.

F-Secure is the latest security vendor to find flaws in its software. Earlier this month, security giant Symantec issued a patch to fix vulnerabilities in its NortonWorks products that could allow an attacker to hide malicious software. And in October, Kaspersky Lab patched vulnerabilities in its antivirus library.