CVE-2006-0338

3 documents3 sources

Severity

5.0MEDIUM

EPSS

2.1%

top 15.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F-secure F-secure Anti-virus F-secure F-secure Internet Security F-secure F-secure Personal Express +1 more

Timeline

PublishedJan 21

Latest updateMay 1

Description

Multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti-Virus for Linux Servers 4.64 and earlier, allow remote attackers to hide arbitrary files and data via malformed (1) RAR and (2) ZIP archives, which are not properly scanned.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶NVDf-secure/f-secure_anti-virus25 versions+24

▶NVDf-secure/f-secure_internet_security2004, 2005, 2006+2

▶NVDf-secure/internet_gatekeeper5 versions+4

▶NVDf-secure/f-secure_personal_express4 versions+3

Patches

Patch: secunia.com ↗Patch: www.f-secure.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-hxcg-vv35-j3mm: Multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5↗2022-05-01

▶

CVEList

CVE-2006-0338: Multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5↗2006-01-21

▶