WebWasher Classic is "a well known HTTP-URL/Popup/Script filtering proxy which is free for non commercial use".
A flaw in the design of WebWasher allows a malicious attacker to bypass firewall rules and ACLs and connect to the machine running WebWasher even when not permitted.
* WebWasher Classic v3.3 and v.2.2.1 on Windows platform.
F-Secure Multiple Products ARJ Archive Handling Vulnerability
ISS X-Force has reported a vulnerability in multiple F-Secure products, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to a boundary error in the antivirus scanning functionality when processing ARJ archives. This can be exploited to cause a buffer overflow via a specially crafted ARJ archive.
Successful exploitation allows execution of arbitrary code, but requires that the malicious ARJ archive is scanned with archive scanning enabled.
The following products are affected:
* F-Secure Anti-Virus for Workstation version 5.43 and earlier
* F-Secure Anti-Virus for Windows Servers version 5.50 and earlier
* F-Secure Anti-Virus for Citrix Servers version 5.50
* F-Secure Anti-Virus for MIMEsweeper version 5.51 and earlier
* F-Secure Anti-Virus Client Security version 5.55 and earlier
* F-Secure Anti-Virus for MS Exchange version 6.31 and earlier
* F-Secure Internet Gatekeeper version 6.41 and earlier
* F-Secure Anti-Virus for Firewalls version 6.20 and earlier
* F-Secure Internet Security 2004 and 2005
* F-Secure Anti-Virus 2004 and 2005
* Solutions based on F-Secure Personal Express version 5.10 and earlier
* F-Secure Anti-Virus for Linux Workstations version 4.52 and earlier
* F-Secure Anti-Virus for Linux Servers version 4.61 and earlier
* F-Secure Anti-Virus for Linux Gateways version 4.61 and earlier
* F-Secure Anti-Virus for Samba Servers version 4.60
* F-Secure Anti-Virus Linux Client Security 5.01 and earlier
* F-Secure Anti-Virus Linux Server Security 5.01 and earlier
* F-Secure Internet Gatekeeper for Linux 2.06
Apply patches (see vendor advisory for details).