F-Secure ZIP/RAR Archive Handling Overflow Multiple RCE

This script is Copyright (C) 2006-2016 Tenable Network Security, Inc.


Synopsis :

An antivirus application installed on the remote host is affected by
multiple remote code execution vulnerabilities

Description :

The version of F-Secure Anti-Virus installed on the remote Windows
host is affected by multiple flaws in the way it handles ZIP and RAR
archives. An attacker can exploit these, via specially crafted files,
to bypass scanning or execute arbitrary code with SYSTEM privileges.

See also :

http://www.zoller.lu/
http://www.nessus.org/u?3072c99e

Solution :

Enable auto-updates if using F-Secure Internet Security 2004-2006,
F-Secure Anti-Virus 2004-2006, or F-Secure Personal Express version
6.20 or earlier. Alternatively, apply the appropriate hotfix as
referenced in the vendor advisory.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.4
(CVSS2#E:U/RL:U/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 20804 (fsecure_archive_overflows.nasl)

Bugtraq ID: 16309

CVE ID: CVE-2006-0337
CVE-2006-0338

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now