Vulnerability Description
Integer overflow in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, when configured to scan inside compressed archives, allows remote attackers to execute arbitrary code via a crafted RPM compressed archive file, which triggers a buffer overflow.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| F-Secure | F-Secure Anti-Virus | 7.02 |
| F-Secure | F-Secure Anti-Virus For Citrix Servers | <= 7.00 |
| F-Secure | F-Secure Anti-Virus For Microsoft Exchange | <= 7.10 |
| F-Secure | F-Secure Anti-Virus For Mimesweeper | <= 5.61 |
| F-Secure | F-Secure Anti-Virus For Windows Servers | <= 8.00 |
| F-Secure | F-Secure Anti-Virus For Workstations | 7.10 |
| F-Secure | F-Secure Anti-Virus Linux Client Security | <= 5.54 |
| F-Secure | F-Secure Anti-Virus Linux Server Security | <= 5.54 |
| F-Secure | F-Secure Client Security | <= 7.12 |
| F-Secure | F-Secure Home Server Security | 2009 |
| F-Secure | F-Secure Internet Gatekeeper For Linux | <= 2.16 |
| F-Secure | F-Secure Internet Gatekeeper For Windows | <= 6.61 |
| F-Secure | F-Secure Internet Security | 7.02 |
| F-Secure | F-Secure Linux Security | <= 7.01 |
| F-Secure | F-Secure Messaging Security Gateway | <= 5.0.4 |
| F-Secure | F-Secure Protection Service For Business | <= 3.10 |
| F-Secure | F-Secure Protection Service For Consumers | <= 8.00 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/32352Vendor Advisory
- http://www.f-secure.com/security/fsc-2008-3.shtmlPatchVendor Advisory
- http://www.securityfocus.com/bid/31846
- http://www.securitytracker.com/id?1021073
- http://www.vupen.com/english/advisories/2008/2874
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46016
- http://secunia.com/advisories/32352Vendor Advisory
- http://www.f-secure.com/security/fsc-2008-3.shtmlPatchVendor Advisory
- http://www.securityfocus.com/bid/31846
- http://www.securitytracker.com/id?1021073
- http://www.vupen.com/english/advisories/2008/2874
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46016
FAQ
What is CVE-2008-6085?
CVE-2008-6085 is a vulnerability with a CVSS score of 7.6 (HIGH). Integer overflow in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, when configured to scan inside compressed archives, ...
How severe is CVE-2008-6085?
CVE-2008-6085 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-6085?
Check the references section above for vendor advisories and patch information. Affected products include: F-Secure F-Secure Anti-Virus, F-Secure F-Secure Anti-Virus For Citrix Servers, F-Secure F-Secure Anti-Virus For Microsoft Exchange, F-Secure F-Secure Anti-Virus For Mimesweeper, F-Secure F-Secure Anti-Virus For Windows Servers.