The Register®

Original URL: http://www.theregister.co.uk/2005/02/11/f-secure_patch/

Patch now against virus-writing clowns

F-Secure vuln is no laughing matter

By John Leyden

Posted in Security, 11th February 2005 16:58 GMT

F-Secure yesterday urged users of its anti-virus products to apply security patches following the discovery of a potentially serious security vulnerability in 18 of its products. The security bug - unearthed by security researchers at ISS - involves flaws in the processing of ARJ archive files by an antivirus library that give rise to possible buffer overflow attacks. Desktop, server (Linux and Windows) and gateway versions of F-Secure's security products all need attention.

"We urge all affected users to apply the patch, before some clown virus-writer tries to exploit it," said Mikko Hyppönen, director of anti-virus research at F-Secure. "This hole is related to a bug in our routine that unpacks ARJ archive files. The bug would allow an attacker to execute code when his ARJ file is scanned."

Update details are here [1]. ISS's alert is here [2]. Earlier this week ISS issued an alert over a similar but distinct vulnerability involving 30 security packages from Symantec. In that case, the vulnerability stemmed from a flaw in an antivirus scanning component involving the processing of UPX compressed files. ®
