A vulnerability classified as problematic was found in F-Secure Anti-Virus up to 6.40 on Exchange (Anti-Malware Software). This vulnerability affects some unknown functionality. The manipulation with an unknown input leads to a path traversal vulnerability. The CWE definition for the vulnerability is CWE-22. The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. As an impact it is known to affect confidentiality, and integrity.

The weakness was shared 11/02/2005 by Mikko Korppi (Website). The advisory is shared for download at f-secure.com. The attack can only be initiated within the local network. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1006.

Upgrading eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at ftp.f-secure.com. The best possible mitigation is suggested to be upgrading to the latest version.

The entry 1863 is related to this item.

Productinfo

Type

• Anti-Malware Software

Vendor

• F-Secure

Name

• Anti-Virus

Version

• 6.0
• 6.1
• 6.2
• 6.3
• 6.4
• 6.5
• 6.6
• 6.7
• 6.8
• 6.9
• 6.10
• 6.11
• 6.12
• 6.13
• 6.14
• 6.15
• 6.16
• 6.17
• 6.18
• 6.19
• 6.20
• 6.21
• 6.22
• 6.23
• 6.24
• 6.25
• 6.26
• 6.27
• 6.28
• 6.29
• 6.30
• 6.31
• 6.32
• 6.33
• 6.34
• 6.35
• 6.36
• 6.37
• 6.38
• 6.39
• 6.40

License

• commercial

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion