A vulnerability in F-Secure Anti-Virus and Internet Security System can
be infected by visiting a specially crafted Web page with malicious
code, the manufacturer warns. Vulnerable versions are respectively the
2010 and the current 2011th Also, version 9 of the F-Secure Protection
Service (Consumer and Business) is vulnerable.
The vulnerability is located in the ActiveX module fsresh.dll and is
thus only users of Internet Explorer and browsers based on it. Through
the gap may allow an attacker to overwrite the error handling routine
and so own shellcode. Has discovered the vulnerability, security expert
Anil Aphal who has already released an exploit.
Remedy creates a patch, the F-Secure for several days on the automatic
update function of the distributed programs. Users of affected programs
should therefore ensure that their system is supplied with the latest
updates.
No comments:
Post a Comment