A vulnerability was found in F-Secure Online Scanner (affected version unknown). It has been rated as problematic. This issue affects an unknown functionality of the file F-SecureOnlineScanner.exe. The manipulation with an unknown input leads to a untrusted search path vulnerability. Using CWE to declare the problem leads to CWE-426. The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control. Impacted is confidentiality, integrity, and availability. The summary by CVE is:

Untrusted search path vulnerability in F-Secure Online Scanner allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as F-SecureOnlineScanner.exe.

The bug was discovered 12/17/2015. The weakness was disclosed 08/02/2017 by Stefan Kanthak as not defined posting (Bugtraq). The advisory is shared at securityfocus.com. The identification of this vulnerability is CVE-2015-8264 since 11/19/2015. An attack has to be approached locally. The successful exploitation needs a simple authentication. It demands that the victim is doing some kind of user interaction. Technical details are known, but no exploit is available. MITRE ATT&CK project uses the attack technique T1574 for this issue.

The vulnerability was handled as a non-public zero-day exploit for at least 594 days. During that time the estimated underground price was around $0-$5k.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Productinfo

Vendor

• F-Secure

Name

• Online Scanner

License

• commercial

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion