CVE-2008-1412

CWE-20 — Improper Input Validation3 documents3 sources

Severity

6.8MEDIUM

EPSS

27.0%

top 3.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F-secure F-secure Anti-virus Client Security F-secure F-secure Anti-virus FOR Linux F-secure F-secure Anti-virus FOR Workstations +8 more

Timeline

PublishedMar 20

Latest updateMay 1

Description

Unspecified vulnerability in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, allows remote attackers to execute arbitrary code or cause a denial of service (hang or crash) via a malformed archive that triggers an unhandled exception, as demonstrated by the PROTOS GENOME test suite for Archive Formats.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages7 packages

▶NVDf-secure/f-secure_anti-virus_client_security6.04

▶NVDf-secure/f-secure_anti-virus_linux_client_security5.54

▶NVDf-secure/f-secure_anti-virus2006, 2007, 2008+2

▶NVDf-secure/f-secure_mobile_antivirus4 versions+3

▶NVDf-secure/f-secure_internet_security2006, 2007, 2008+2

Patches

Patch: www.f-secure.com ↗Patch: www.f-secure.com ↗

🔴Vulnerability Details

GHSA

GHSA-cjww-6mv8-7234: Unspecified vulnerability in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and o↗2022-05-01

▶

CVEList

CVE-2008-1412: Unspecified vulnerability in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and o↗2008-03-20

▶