February 2005

ID: 00122
Ref: 105/2005
Date: 10 February 2005:16:33:20
Version: 1

---

Title: F-Secure Security Bulletin - FSC-2005-1 Code execution in ARJ-archive handling (F-Secure)
Abstract: Specially crafted ARJ packages may be used to execute code on affected systems.
Vendors affected: F-Secure
Applications affected: F-Secure

---

F-Secure Security Bulletin
FSC-2005-1 Code execution in ARJ-archive handling (F-Secure)

Detail
======

Vulnerable Software
===================
F-Secure's antivirus products

Risk factor
===========
Critical

Brief description
=================
Specially crafted ARJ packages may be used to execute code on affected systems.

Affected versions
=================
F-Secure Anti-Virus for Workstation version 5.43 and earlier
F-Secure Anti-Virus for Windows Servers version 5.50 and earlier
F-Secure Anti-Virus for Citrix Servers version 5.50
F-Secure Anti-Virus for MIMEsweeper version 5.51 and earlier
F-Secure Anti-Virus Client Security version 5.55 and earlier
F-Secure Anti-Virus for MS Exchange version 6.31 and earlier
F-Secure Internet Gatekeeper version 6.41 and earlier
F-Secure Anti-Virus for Firewalls version 6.20 and earlier
F-Secure Internet Security 2004 and 2005
F-Secure Anti-Virus 2004 and 2005
Solutions based on F-Secure Personal Express version 5.10 and earlier
F-Secure Anti-Virus for Linux Workstations version 4.52 and earlier
F-Secure Anti-Virus for Linux Servers version 4.61 and earlier
F-Secure Anti-Virus for Linux Gateways version 4.61 and earlier
F-Secure Anti-Virus for Samba Servers version 4.60
F-Secure Anti-Virus Linux Client Security 5.01 and earlier
F-Secure Anti-Virus Linux Server Security 5.01 and earlier
F-Secure Internet Gatekeeper for Linux 2.06

URL:
http://www.f-secure.com/security/fsc-2005-1.shtml