Vulnerability Description
Unspecified vulnerability in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, allows remote attackers to execute arbitrary code or cause a denial of service (hang or crash) via a malformed archive that triggers an unhandled exception, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| F-Secure | F-Secure Anti-Virus | 2006 |
| F-Secure | F-Secure Anti-Virus Client Security | <= 6.04 |
| F-Secure | F-Secure Anti-Virus For Linux | <= 4.65 |
| F-Secure | F-Secure Anti-Virus For Workstations | <= 7.11 |
| F-Secure | F-Secure Anti-Virus Linux Client Security | <= 5.54 |
| F-Secure | F-Secure Client Security | <= 7.11 |
| F-Secure | F-Secure Internet Security | 2006 |
| F-Secure | F-Secure Mobile Antivirus For S60 | 2nd_edition |
| F-Secure | F-Secure Mobile Antivirus For Windows Mobile | 5.0 |
| F-Secure | F-Secure Mobile Security For Series 80 | All versions |
| F-Secure | F-Secure Protection Service For Business | <= 3.10 |
| F-Secure | F-Secure Protection Service For Consumers | <= 7.00 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/29397Vendor Advisory
- http://support.f-secure.com/enu/corporate/downloads/hotfixes/av-cs-hotfixes.shtm
- http://support.f-secure.com/enu/corporate/downloads/hotfixes/av-mimesweeper-hotf
- http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
- http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/
- http://www.f-secure.com/security/fsc-2008-2.shtmlPatch
- http://www.securityfocus.com/bid/28282
- http://www.securitytracker.com/id?1019618
- http://www.securitytracker.com/id?1019619
- http://www.securitytracker.com/id?1019620
- http://www.vupen.com/english/advisories/2008/0903/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41234
- http://secunia.com/advisories/29397Vendor Advisory
- http://support.f-secure.com/enu/corporate/downloads/hotfixes/av-cs-hotfixes.shtm
- http://support.f-secure.com/enu/corporate/downloads/hotfixes/av-mimesweeper-hotf
FAQ
What is CVE-2008-1412?
CVE-2008-1412 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Unspecified vulnerability in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, allows remote attackers to execute arbitrar...
How severe is CVE-2008-1412?
CVE-2008-1412 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-1412?
Check the references section above for vendor advisories and patch information. Affected products include: F-Secure F-Secure Anti-Virus, F-Secure F-Secure Anti-Virus Client Security, F-Secure F-Secure Anti-Virus For Linux, F-Secure F-Secure Anti-Virus For Workstations, F-Secure F-Secure Anti-Virus Linux Client Security.