Security Provider’s Vulnerability Exposed

Monday, August 29, 2011 @ 05:08 PM gHale

Security vendor F-Secure patched a remote code execution vulnerability that affected several of its products and exposed users to drive-by download attacks.

The buffer overflow vulnerability, discovered by security consultant Anil Aphale, aka 41.w4r10r, is in the F-Secure Gadget Resource Handler ActiveX Control (fsresh.dll).

The cause of the flaw is a boundary error in the handling of the “initialize()” method, according to vulnerability management vendor Secunia, which rates this vulnerability as highly critical.

An attacker can exploit the vulnerability by tricking victims into visiting a specially crafted web page using Internet Explorer.

F-Secure Anti-Virus 2010 and 2011, F-Secure Internet Security 2010 and 2011, as well as products based on F-Secure Protection Service for Consumers version 9 and F-Secure Protection Service for Business — Workstation security version 9 all suffer from this flaw.

End users, however, do not need to take any action if they have their products configured to update themselves automatically, which is the default behavior.

“These products are affected by the vulnerability, but the needed hotfix is distributed automatically by the update system. End users do not need to take any actions,” the F-Secure advisory said.

The vulnerability is a reminder of why professionals in the manufacturing automation arena should never rely on a single layer of protection.
