F-Secure Anti-Virus for Windows system32 Directory Crafted File Detection Bypass

Low Nessus Plugin ID 26193


The remote Windows host has an antivirus application that may fail to scan selected files.


The remote host is running F-Secure Anti-Virus for Windows Servers.

According to its version, the installation of this software on the remote host may allow an attacker by bypass antivirus scanning by placing a specially crafted archive or packed executable into the 'system32' folder.

Note that this issue only affects 64-bit server platforms, which Nessus has determined the remote host to be.


Apply the patch referenced in the vendor advisory above.

See Also


Plugin Details

Severity: Low

ID: 26193

File Name: fsecure_fsc2007_6.nasl

Version: $Revision: 1.15 $

Type: local

Agent: windows

Family: Windows

Published: 2007/09/28

Modified: 2016/05/05

Dependencies: 13855

Risk Information

Risk Factor: Low


Base Score: 1.9

Temporal Score: 1.7

Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:f-secure:f-secure_anti-virus

Required KB Items: SMB/WindowsVersion, SMB/name, SMB/login, SMB/password

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

CVE: CVE-2007-5143

BID: 25824

OSVDB: 41377