Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6085

Overview

Vulnerability Score 7.6 7.6
CVE Id CVE-2008-6085
Last Modified 07 Mar 2011 10:15:42
Published 06 Feb 2009 06:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2008-6085

Summary

Integer overflow in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, when configured to scan inside compressed archives, allows remote attackers to execute arbitrary code via a crafted RPM compressed archive file, which triggers a buffer overflow.

Vulnerable Systems

Application

  • F-secure Anti-virus 2006

  • F-secure Anti-virus 2007

  • F-secure Anti-virus 2008

  • F-secure Anti-virus 2009

  • F-secure Anti-virus 7.02

  • F-secure Anti-virus For Citrix Servers 7.00

  • F-secure Anti-virus For Microsoft Exchange 6.62

  • F-secure Anti-virus For Microsoft Exchange 7.00

  • F-secure Anti-virus For Microsoft Exchange 7.10

  • F-secure Anti-virus For Mimesweeper 5.61

  • F-secure Anti-virus For Windows Servers 8.00

  • F-secure Anti-virus For Workstations 7.10

  • F-secure Anti-virus For Workstations 7.11

  • F-secure Anti-virus Linux Client Security 5.30

  • F-secure Anti-virus Linux Client Security 5.52

  • F-secure Anti-virus Linux Client Security 5.53

  • F-secure Anti-virus Linux Client Security 5.54

  • F-secure Anti-virus Linux Server Security 5.30

  • F-secure Anti-virus Linux Server Security 5.52

  • F-secure Anti-virus Linux Server Security 5.54

  • F-secure Client Security 7.11

  • F-secure Client Security 7.12

  • F-secure Home Server Security 2009

  • F-secure Internet Gatekeeper For Linux 2.16

  • F-secure Internet Gatekeeper For Windows 6.61

  • F-secure Internet Security 2006

  • F-secure Internet Security 2007

  • F-secure Internet Security 2008

  • F-secure Internet Security 2009

  • F-secure Internet Security 7.02

  • F-secure Linux Security 7.01

  • F-secure Messaging Security Gateway 4.0.7

  • F-secure Messaging Security Gateway 5.0.4

  • F-secure Protection Service For Business 3.00

  • F-secure Protection Service For Business 3.10

  • F-secure Protection Service For Consumers 5.00

  • F-secure Protection Service For Consumers 6.00

  • F-secure Protection Service For Consumers 7.00

  • F-secure Protection Service For Consumers 8.00


References

CONFIRM - http://www.f-secure.com/security/fsc-2008-3.shtml

XF - fsecure-multipleproducts-rpm-bo(46016)

VUPEN - ADV-2008-2874

SECTRACK - 1021073

BID - 31846

SECUNIA - 32352


Last Updated: 27 May 2016 10:49:04