Vulnerability Description
F-Secure Internet Security 2010 and earlier; Anti-Virus for Microsoft Exchange 9 and earlier, and for MIMEsweeper 5.61 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, and for Linux 4.02 and earlier; Anti-Virus 2010 and earlier; Home Server Security 2009; Protection Service for Consumers 9 and earlier, for Business - Workstation security 9 and earlier, for Business - Server Security 8 and earlier, and for E-mail and Server security 9 and earlier; Mac Protection build 8060 and earlier; Client Security 9 and earlier; and various Anti-Virus products for Windows, Linux, and Citrix; does not properly detect malware in crafted (1) 7Z, (2) GZIP, (3) CAB, or (4) RAR archives, which makes it easier for remote attackers to avoid detection.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| F-Secure | Anti-Virus | <= 9.00 |
| F-Secure | F-Secure Anti-Virus | All versions |
| F-Secure | F-Secure Anti-Virus Client Security | All versions |
| F-Secure | F-Secure Anti-Virus For Citrix Servers | 7.00 |
| F-Secure | F-Secure Anti-Virus For Linux | All versions |
| F-Secure | F-Secure Anti-Virus For Microsoft Exchange | 6.62 |
| F-Secure | F-Secure Anti-Virus For Mimesweeper | 5.61 |
| F-Secure | F-Secure Anti-Virus For Windows Servers | 8.00 |
| F-Secure | F-Secure Anti-Virus For Workstations | All versions |
| F-Secure | F-Secure Anti-Virus Linux Client Security | All versions |
| F-Secure | F-Secure Anti-Virus Linux Server Security | All versions |
| F-Secure | F-Secure Internet Security | All versions |
| F-Secure | Home Server Security | 2009 |
| F-Secure | Internet Gatekeeper | <= 4.02 |
References
- http://secunia.com/advisories/39396Vendor Advisory
- http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-1.htmlPatchVendor Advisory
- http://www.securitytracker.com/id?1023841
- http://www.securitytracker.com/id?1023842
- http://www.securitytracker.com/id?1023843
- http://www.vupen.com/english/advisories/2010/0855PatchVendor Advisory
- http://secunia.com/advisories/39396Vendor Advisory
- http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-1.htmlPatchVendor Advisory
- http://www.securitytracker.com/id?1023841
- http://www.securitytracker.com/id?1023842
- http://www.securitytracker.com/id?1023843
- http://www.vupen.com/english/advisories/2010/0855PatchVendor Advisory
FAQ
What is CVE-2010-1425?
CVE-2010-1425 is a vulnerability with a CVSS score of 5.0 (MEDIUM). F-Secure Internet Security 2010 and earlier; Anti-Virus for Microsoft Exchange 9 and earlier, and for MIMEsweeper 5.61 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, and for Linux 4.02...
How severe is CVE-2010-1425?
CVE-2010-1425 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-1425?
Check the references section above for vendor advisories and patch information. Affected products include: F-Secure Anti-Virus, F-Secure F-Secure Anti-Virus, F-Secure F-Secure Anti-Virus Client Security, F-Secure F-Secure Anti-Virus For Citrix Servers, F-Secure F-Secure Anti-Virus For Linux.