F-Secure Internet Security 2010 and earlier; Anti-Virus for Microsoft Exchange 9 and earlier, and for MIMEsweeper 5.61 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, and for Linux 4.02 and earlier; Anti-Virus 2010 and earlier; Home Server Security 2009; Protection Service for Consumers 9 and earlier, for Business - Workstation security 9 and earlier, for Business - Server Security 8 and earlier, and for E-mail and Server security 9 and earlier; Mac Protection build 8060 and earlier; Client Security 9 and earlier; and various Anti-Virus products for Windows, Linux, and Citrix; does not properly detect malware in crafted (1) 7Z, (2) GZIP, (3) CAB, or (4) RAR archives, which makes it easier for remote attackers to avoid detection.
📦
f-secure_anti-virus_for_microsoft_exchange
Vendor: f-secure
Actively Exploited
0
CISA KEV List
PoC / Exploits
0
Code Available
Total RCEs
1
Remote Access
Total CVEs
226
Total Indexed
Avg. EPSS
5.49%
Exploit Prob.
Security Vulnerability Index
Page 1 / 23
5.0
CVSS
Severity: MEDIUM
7.6
CVSS
CVE-2008-6085
RCE
Integer overflow in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, when configured to scan inside compressed archives, allows remote attackers to execute arbitrary code via a crafted RPM compressed archive file, which triggers a buffer overflow.
Severity: HIGH