CVE-2008-1412

Unspecified vulnerability in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, allows remote attackers to execute arbitrary code or cause a denial of service (hang or crash) via a malformed archive that triggers an unhandled exception, as demonstrated by the PROTOS GENOME test suite for Archive Formats.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
http://www.f-secure.com/security/fsc-2008-2.shtml	Patch
http://secunia.com/advisories/29397	Vendor Advisory
http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/
http://support.f-secure.com/enu/corporate/downloads/hotfixes/av-cs-hotfixes.shtml
http://support.f-secure.com/enu/corporate/downloads/hotfixes/av-mimesweeper-hotfixes.shtml
http://www.securityfocus.com/bid/28282
http://www.securitytracker.com/id?1019618
http://www.securitytracker.com/id?1019619
http://www.securitytracker.com/id?1019620
http://www.vupen.com/english/advisories/2008/0903/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41234

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:f-secure:f-secure_anti-virus:2007:::::::*
	cpe:2.3:a:f-secure:f-secure_anti-virus:2007:second_edition::::::
	cpe:2.3:a:f-secure:f-secure_mobile_antivirus_for_windows_mobile:2003:::::::*
	cpe:2.3:a:f-secure:f-secure_mobile_antivirus_for_windows_mobile:5.0:::::::*
	cpe:2.3:a:f-secure:f-secure_protection_service_for_business::::::::
	cpe:2.3:a:f-secure:f-secure_protection_service_for_consumers::::::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:2008:::::::*
	cpe:2.3:a:f-secure:f-secure_internet_security:2006:::::::*
	cpe:2.3:a:f-secure:f-secure_mobile_antivirus_for_windows_mobile:6:::::::*
	cpe:2.3:a:f-secure:f-secure_mobile_security_for_series_80::::::::
	cpe:2.3:a:f-secure:f-secure_internet_security:2007:::::::*
	cpe:2.3:a:f-secure:f-secure_anti-virus:2006:::::::*
	cpe:2.3:a:f-secure:f-secure_anti-virus_for_workstations::::::::
	cpe:2.3:a:f-secure:f-secure_internet_security:2008:::::::*
	cpe:2.3:a:f-secure:f-secure_client_security::::::::
	cpe:2.3:a:f-secure:f-secure_internet_security:2007:second_edition::::::
	cpe:2.3:a:f-secure:f-secure_anti-virus_for_linux::::::::
	cpe:2.3:a:f-secure:f-secure_anti-virus_linux_client_security::::::::
	cpe:2.3:a:f-secure:f-secure_anti-virus_client_security::::::::
	cpe:2.3:a:f-secure:f-secure_mobile_antivirus_for_s60:2nd_edition:::::::*

Information

Published : 2008-03-20 03:44

Updated : 2017-08-07 18:30

NVD link : CVE-2008-1412

Mitre link : CVE-2008-1412

JSON object : View

CWE

NVD-CWE-noinfo CWE-20

Improper Input Validation

Products Affected

f-secure

f-secure_protection_service_for_consumers
f-secure_anti-virus
f-secure_mobile_security_for_series_80
f-secure_mobile_antivirus_for_windows_mobile
f-secure_anti-virus_client_security
f-secure_protection_service_for_business
f-secure_mobile_antivirus_for_s60
f-secure_anti-virus_for_linux
f-secure_anti-virus_for_workstations
f-secure_anti-virus_linux_client_security
f-secure_internet_security
f-secure_client_security

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html", "name": "http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html", "tags": [], "refsource": "MISC"}, {"url": "http://www.f-secure.com/security/fsc-2008-2.shtml", "name": "http://www.f-secure.com/security/fsc-2008-2.shtml", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/29397", "name": "29397", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/", "name": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/", "tags": [], "refsource": "MISC"}, {"url": "http://support.f-secure.com/enu/corporate/downloads/hotfixes/av-cs-hotfixes.shtml", "name": "http://support.f-secure.com/enu/corporate/downloads/hotfixes/av-cs-hotfixes.shtml", "tags": [], "refsource": "CONFIRM"}, {"url": "http://support.f-secure.com/enu/corporate/downloads/hotfixes/av-mimesweeper-hotfixes.shtml", "name": "http://support.f-secure.com/enu/corporate/downloads/hotfixes/av-mimesweeper-hotfixes.shtml", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/28282", "name": "28282", "tags": [], "refsource": "BID"}, {"url": "http://www.securitytracker.com/id?1019618", "name": "1019618", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.securitytracker.com/id?1019619", "name": "1019619", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.securitytracker.com/id?1019620", "name": "1019620", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.vupen.com/english/advisories/2008/0903/references", "name": "ADV-2008-0903", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41234", "name": "fsecure-archives-code-execution(41234)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, allows remote attackers to execute arbitrary code or cause a denial of service (hang or crash) via a malformed archive that triggers an unhandled exception, as demonstrated by the PROTOS GENOME test suite for Archive Formats."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-1412", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2008-03-20T10:44Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:2007:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:2007:second_edition:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_mobile_antivirus_for_windows_mobile:2003:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_mobile_antivirus_for_windows_mobile:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_protection_service_for_business:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "3.10"}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_protection_service_for_consumers:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "7.00"}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:2008:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_internet_security:2006:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_mobile_antivirus_for_windows_mobile:6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_mobile_security_for_series_80:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_internet_security:2007:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:2006:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus_for_workstations:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "7.11"}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_internet_security:2008:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_client_security:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "7.11"}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_internet_security:2007:second_edition:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus_for_linux:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "4.65"}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus_linux_client_security:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "5.54"}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus_client_security:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "6.04"}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_mobile_antivirus_for_s60:2nd_edition:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-08T01:30Z"}

6.8 /10