- Mar 15, 2011
F-Secure has patched a remote code execution vulnerability that affected several of its security products and exposed users to drive-by download attacks.
The buffer overflow vulnerability was discovered by security consultant Anil Aphale, aka 41.w4r10r, and is located in the F-Secure Gadget Resource Handler ActiveX Control (fsresh.dll).
According to vulnerability management vendor Secunia, which rates this vulnerability as highly critical, the flaw is caused by a boundary error in the handling of the "initialize()" method.
The vulnerability can be exploited by tricking victims into visiting a specially crafted web page using Internet Explorer.
The flaw affects F-Secure Anti-Virus 2010 and 2011, F-Secure Internet Security 2010 and 2011, as well as products based on F-Secure Protection Service for Consumers version 9 and F-Secure Protection Service for Business - Workstation security version 9.
F-Secure Security Advisory
Secunia Link