F-Secure ZIP/RAR Archive Handling Overflow Multiple RCE

High Nessus Plugin ID 20804


An antivirus application installed on the remote host is affected by multiple remote code execution vulnerabilities


The version of F-Secure Anti-Virus installed on the remote Windows host is affected by multiple flaws in the way it handles ZIP and RAR archives. An attacker can exploit these, via specially crafted files, to bypass scanning or execute arbitrary code with SYSTEM privileges.


Enable auto-updates if using F-Secure Internet Security 2004-2006, F-Secure Anti-Virus 2004-2006, or F-Secure Personal Express version 6.20 or earlier. Alternatively, apply the appropriate hotfix as referenced in the vendor advisory.

See Also



Plugin Details

Severity: High

ID: 20804

File Name: fsecure_archive_overflows.nasl

Version: $Revision: 1.20 $

Type: local

Agent: windows

Family: Windows

Published: 2006/01/24

Modified: 2016/12/08

Dependencies: 13855

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:U/RC:C


Base Score: 7.3

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:U/RC:C

Vulnerability Information

CPE: cpe:/a:f-secure:f-secure_anti-virus

Required KB Items: SMB/name, SMB/login, SMB/password, SMB/registry_full_access, SMB/transport

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2006/01/19

Reference Information

CVE: CVE-2006-0337, CVE-2006-0338

BID: 16309

OSVDB: 22632, 22633