For those of you in Canada who have Shaw as your Internet provider and have the Shaw Secure package from them - you are running F-Secure antivirus and need to find out if it’s a version affected by this advisory (it probably is).

“Secunia Advisory: SA14216

Critical: Highly critical

Impact: System access

Where: From remote

Solution Status: Vendor Patch

Software: F-Secure Anti-Virus 2004, F-Secure Anti-Virus 2005, F-Secure Anti-Virus 5.x, F-Secure Anti-Virus Client Security 5.x, F-Secure Anti-Virus for Firewalls 6.x, F-Secure Anti-Virus for Linux 4.x, F-Secure Anti-Virus for Microsoft Exchange 6.x, F-Secure Anti-Virus for MIMEsweeper 5.x, F-Secure Anti-Virus for Samba Servers 4.x, F-Secure Anti-Virus for Workstations 5.x, F-Secure Internet Gatekeeper 6.x, F-Secure Internet Gatekeeper for Linux 2.x, F-Secure Internet Security 2004, F-Secure Internet Security 2005

ISS X-Force has reported a vulnerability in multiple F-Secure products, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error in the antivirus scanning functionality when processing ARJ archives. This can be exploited to cause a buffer overflow via a specially crafted ARJ archive.

Successful exploitation allows execution of arbitrary code, but requires that the malicious ARJ archive is scanned with archive scanning enabled.

The following products are affected:
* F-Secure Anti-Virus for Workstation version 5.43 and earlier
* F-Secure Anti-Virus for Windows Servers version 5.50 and earlier
* F-Secure Anti-Virus for Citrix Servers version 5.50
* F-Secure Anti-Virus for MIMEsweeper version 5.51 and earlier
* F-Secure Anti-Virus Client Security version 5.55 and earlier
* F-Secure Anti-Virus for MS Exchange version 6.31 and earlier
* F-Secure Internet Gatekeeper version 6.41 and earlier
* F-Secure Anti-Virus for Firewalls version 6.20 and earlier
* F-Secure Internet Security 2004 and 2005
* F-Secure Anti-Virus 2004 and 2005
* Solutions based on F-Secure Personal Express version 5.10 and earlier
* F-Secure Anti-Virus for Linux Workstations version 4.52 and earlier
* F-Secure Anti-Virus for Linux Servers version 4.61 and earlier
* F-Secure Anti-Virus for Linux Gateways version 4.61 and earlier
* F-Secure Anti-Virus for Samba Servers version 4.60
* F-Secure Anti-Virus Linux Client Security 5.01 and earlier
* F-Secure Anti-Virus Linux Server Security 5.01 and earlier
* F-Secure Internet Gatekeeper for Linux 2.06

Solution: Apply patches (see vendor advisory for details).

Original Advisory: F-Secure: http://www.f-secure.com/security/fsc-2005-1.shtml

ISS: http://xforce.iss.net/xforce/alerts/id/188

Full article: F-Secure Multiple Products ARJ Archive Handling Vulnerability