F-Secure reports on self

Anti-virus vendor F-Secure has detected a vulnerability in one of its own products, the company said in an advisory Thursday.

The vulnerability affects 18 of the Finnish firm's products for Microsoft Windows and Linux operating systems. An attacker could craft custom ZIP files that cause a buffer overflow, allowing execution of malicious code on affected systems.

A malfunction also could occur in which RAR and ZIP archives are not properly scanned, allowing malware to go undetected, security-monitoring firm Secunia said in an advisory today. Secunia rated the vulnerability "highly critical."

No attacks have resulted from the vulnerability, F-Secure said.

Users of the latest F-Secure products, including F-Secure Internet Security and Anti-Virus 2004-2006, do not need to act, the company said. It automatically delivered a hotfix to those affected systems around 6:30 a.m. (EST) Thursday.

The company recommended that users of other products containing the vulnerabilities install a patch or upgrade to an unaffected version.

F-Secure credited blogger Thierry Zoller with detecting the vulnerability.

On his website, Zoller, a security engineer from Luxembourg, credited F-Secure with making the software flaw public, saying other anti-virus vendors with similar vulnerabilities "fixed the bugs silently or put a small notice in a change log."
