CVE-2008-1412

EPSS 27.05%
Veröffentlicht 20.03.2008 10:44:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Unspecified vulnerability in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, allows remote attackers to execute arbitrary code or cause a denial of service (hang or crash) via a malformed archive that triggers an unhandled exception, as demonstrated by the PROTOS GENOME test suite for Archive Formats.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 15

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

F-secure ≫ F-secure Anti-virus Version2006

F-secure ≫ F-secure Anti-virus Version2007

F-secure ≫ F-secure Anti-virus Version2007 Updatesecond_edition

F-secure ≫ F-secure Anti-virus Version2008

F-secure ≫ F-secure Anti-virus Client Security Version <= 6.04

F-secure ≫ F-secure Anti-virus For Linux Version <= 4.65

F-secure ≫ F-secure Anti-virus For Workstations Version <= 7.11

F-secure ≫ F-secure Anti-virus Linux Client Security Version <= 5.54

F-secure ≫ F-secure Client Security Version <= 7.11

F-secure ≫ F-secure Internet Security Version2006

F-secure ≫ F-secure Internet Security Version2007

F-secure ≫ F-secure Internet Security Version2007 Updatesecond_edition

F-secure ≫ F-secure Internet Security Version2008

F-secure ≫ F-secure Mobile Antivirus For S60 Version2nd_edition

F-secure ≫ F-secure Mobile Antivirus For Windows Mobile Version5.0

F-secure ≫ F-secure Mobile Antivirus For Windows Mobile Version6

F-secure ≫ F-secure Mobile Antivirus For Windows Mobile Version2003

F-secure ≫ F-secure Mobile Security For Series 80

F-secure ≫ F-secure Protection Service For Business Version <= 3.10

F-secure ≫ F-secure Protection Service For Consumers Version <= 7.00

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	27.05%	0.962

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html

http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/

http://secunia.com/advisories/29397

Vendor Advisory

http://support.f-secure.com/enu/corporate/downloads/hotfixes/av-cs-hotfixes.shtml

http://support.f-secure.com/enu/corporate/downloads/hotfixes/av-mimesweeper-hotfixes.shtml

http://www.f-secure.com/security/fsc-2008-2.shtml

Patch

http://www.securityfocus.com/bid/28282

http://www.securitytracker.com/id?1019618

http://www.securitytracker.com/id?1019619

http://www.securitytracker.com/id?1019620