CVE-2008-1412: Input Validation
First published: Thu Mar 20 2008(Updated: )
Unspecified vulnerability in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, allows remote attackers to execute arbitrary code or cause a denial of service (hang or crash) via a malformed archive that triggers an unhandled exception, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows Mobile | =2003 | |
| F-Secure Anti-Virus | =2007-second_edition | |
| F-Secure Anti-Virus | =2008 | |
| F-Secure Anti-Virus | =2006 | |
| F-Secure Anti-Virus for workstations | <=7.11 | |
| F-Secure Internet Security 2010 | =2008 | |
| F-Secure Protection Service for Business | <=3.10 | |
| F-Secure protection service for consumers | <=7.00 | |
| F-Secure Client Security | <=7.11 | |
| F-Secure Mobile Security for Series 80 | ||
| Microsoft Windows Mobile | =6 | |
| F-Secure Internet Security 2010 | =2007-second_edition | |
| Microsoft Windows Mobile | =5.0 | |
| F-Secure Anti-Virus | =2007 | |
| F-Secure Anti-Virus for Linux | <=4.65 | |
| F-Secure Anti-Virus Linux Client Security | <=5.54 | |
| F-Secure Anti-Virus Client Security | <=6.04 | |
| F-Secure Internet Security 2010 | =2006 | |
| F-Secure Mobile Antivirus for S60 | =2nd_edition | |
| F-Secure Internet Security 2010 | =2007 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
- http://www.f-secure.com/security/fsc-2008-2.shtml
- http://secunia.com/advisories/29397
- http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/
- http://support.f-secure.com/enu/corporate/downloads/hotfixes/av-cs-hotfixes.shtml
- http://support.f-secure.com/enu/corporate/downloads/hotfixes/av-mimesweeper-hotfixes.shtml
- http://www.securityfocus.com/bid/28282
- http://www.securitytracker.com/id?1019618
- http://www.securitytracker.com/id?1019619
- http://www.securitytracker.com/id?1019620
- http://www.vupen.com/english/advisories/2008/0903/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41234
Frequently Asked Questions
What is the severity of CVE-2008-1412?
CVE-2008-1412 is considered a critical vulnerability due to its potential to allow remote attackers to execute arbitrary code or cause a denial of service.
How do I fix CVE-2008-1412?
To fix CVE-2008-1412, update affected F-Secure products to the latest available version that addresses this vulnerability.
What F-Secure products are affected by CVE-2008-1412?
CVE-2008-1412 affects multiple F-Secure products including Internet Security and Anti-Virus 2006 through 2008, among others.
What can attackers do with CVE-2008-1412?
Attackers can exploit CVE-2008-1412 to execute arbitrary code on the vulnerable system or cause it to hang or crash.
Is there any known exploit for CVE-2008-1412?
Yes, there are indications that CVE-2008-1412 can be exploited using specially crafted malformed archive files.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/remedy
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/f-secure
- canonical/microsoft windows mobile
- version/microsoft windows mobile/2003
- canonical/f-secure anti-virus
- version/f-secure anti-virus/2007-second_edition
- version/f-secure anti-virus/2008
- version/f-secure anti-virus/2006
- canonical/f-secure anti-virus for workstations
- version/f-secure anti-virus for workstations/7.11
- canonical/f-secure internet security 2010
- version/f-secure internet security 2010/2008
- canonical/f-secure protection service for business
- version/f-secure protection service for business/3.10
- canonical/f-secure protection service for consumers
- version/f-secure protection service for consumers/7.00
- canonical/f-secure client security
- version/f-secure client security/7.11
- canonical/f-secure mobile security for series 80
- version/microsoft windows mobile/6
- version/f-secure internet security 2010/2007-second_edition
- version/microsoft windows mobile/5.0
- version/f-secure anti-virus/2007
- canonical/f-secure anti-virus for linux
- version/f-secure anti-virus for linux/4.65
- canonical/f-secure anti-virus linux client security
- version/f-secure anti-virus linux client security/5.54
- canonical/f-secure anti-virus client security
- version/f-secure anti-virus client security/6.04
- version/f-secure internet security 2010/2006
- canonical/f-secure mobile antivirus for s60
- version/f-secure mobile antivirus for s60/2nd_edition
- version/f-secure internet security 2010/2007