NEWS FROM THE LAB - Monday, March 17, 2008

F-Secure Security Advisory FSC-2008-2 Posted by Mikko @ 12:00 GMT

We have just released security advisory FSC-2008-2.

The Secure Programming Group at Oulu University has created a collection of malformed archive files. These archive files break and crash products from at least 40 vendors — including several antivirus vendors… including us.

We've fixed a long list of our products to resolve these issues. Home users will get these fixes via the normal update system and they don't have to do anything. However, we do recommend that all system administrators using our products read the advisory to make sure all necessary upgrades or hotfixes have been applied within their organizations.

Our guidance here is the same as for patches from any other vendor: Patch now before someone figures out how to exploit the vulnerability. At the moment we are not aware of any public exploit methods for these vulnerabilities.

For more information, please consult F-Secure Security Advisory FSC-2008-2 and CERT-FI and CPNI Joint Vulnerability Advisory on Archive Formats.