ID: 3407
Date: 28 September 2007 10:19
Title: 3407 - F-Secure Security Bulletin FSC-2007-6 - Anti-Virus for Windows Servers version 7.00
Abstract: Description of a security vulnerability where specially crafted archives and packed executables can bypass antivirus scanning.
Vendors affected: F-Secure
Applications affected: Anti-Virus for Windows Servers version 7.00
Warning Status: Imminent
Availability of fix: Available
Type of fix: Patch
Source: F-Secure
Reliability of source: Trusted
Source URL: http://www.f-secure.com/security/fsc-2007-6.shtml
F-Secure Security Bulletin FSC-2007-6
Vulnerabilities in scanning of specially crafted archives and certain packed executables
Date issued: 2007-09-27
Last updated: 2007-09-27
Risk factor: High (Low/Medium/High/Critical)
Brief description: Specially crafted archives and packed executables can bypass antivirus scanning.
Software: F-Secure Anti-Virus for Windows Servers version 7.00
Affected versions: F-Secure Anti-Virus for Windows Servers version 7.00
Affected platforms: Windows Server 2003 64-bit edition for x64 processors
Bulletin location: http://www.f-secure.com/security/fsc-2007-6.shtml
Issue: Placing a specially crafted archive or packed executable into the system32 folder may allow an attacker to bypass F-Secure's antivirus.
--------------------------------------------------------------------------------
Products: F-Secure Anti-Virus for Windows Servers version 7.00
Risk Factor: High
--------------------------------------------------------------------------------
Mitigating Factors:
Exploitation of the vulnerabilities requires specially crafted archives or packed executables.
Issue only exists on 64-bit server platforms.
There are no known exploits.
Patch availability:
F-Secure Anti-Virus for Windows Servers 7.00
ftp://ftp.f-secure.com/support/hotfix/fsav/fsav720-01-signed.fsfix
Credits: F-Secure wants to thank Mr Papadorotheoun for pinpointing this issue.
Revision History: FSC-2007-6 - 2007-09-27
Contact Information:
Support: http://support.f-secure.com/enu/home/contactus/
Security: http://www.f-secure.com/security/
URL: http://www.f-secure.com/
This advisory contains information released by the original author. Some of the information may have changed since it was released. If the issue affects you, it may be prudent to retrieve the advisory from the site of the original source to ensure that you receive the most current information concerning that problem. Reference to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favouring by CPNI.
The views and opinions of authors expressed within this notice shall not be used for advertising or product endorsement purposes. CPNI shall not accept responsibility for any errors or omissions contained within this advisory. In particular, they shall not be liable for any loss or damage whatsoever, arising from or in connection with the usage of information contained within this advisory.
CSIRTUK is a member of the Forum of Incident Response and Security Teams (FIRST) and has contacts with other international Incident Response Teams (IRTs) in order to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing amongst its members and the community at large.