F-Secure: Critical Buffer Overflow Threat in Antivirus Products

F-Secure has become the latest security firm to be embarrassed by a flaw in its flagship security product line, but the company manged to patch the flaw while it was still only 'theoretical' F-Secure has released a patch for a serious flaw in its antivirus products, the second time in a week a security company has warned of a risk in its software.

The security hole in the antivirus library affects 18 products for desktops, servers and gateways, with the network products at "critical" risk, F-Secure said in a bulletin on Thursday. By creating a specially crafted ARJ archive file, an intruder could use a buffer overflow to run arbitrary code on an unpatched machine, said Tony Magellanez, a systems engineer at F-Secure.

The link for this article located at ZDNet.co.uk is no longer available.