Release date: 2013-04-12
Updated: 2013-04-26
Affected systems:
F-Secure Anti-Virus Linux Server Security 9.x
F-Secure Anti-Virus for Windows Servers 9.x
F-Secure Anti-Virus for Citrix Servers 9.x
Description:
--------------------------------------------------------------------------------
BUGTRAQ ID: 59443
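F-Secure, formerly Data Fellows, is a well-known European information security vendor headquartered in Helsinki, the capital of Finland.
A legacy DLL component associated with an ActiveX control bundled with several F-Secure server products contains an error that, when Internet Explorer is used, allows arbitrary connections to the ODBC driver. If the local server uses local authentication, an attacker can exploit this vulnerability to execute arbitrary code.
<*Source: Andrea Micalizzi
Link: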
*>
Recommendation:
--------------------------------------------------------------------------------
Vendor patch:
F-Secure
--------
F-Secure has released a security advisory (fsc-2013-1) and corresponding patches for this issue:
fsc-2013-1: Remote code execution vulnerability in DLL component
Link:
Patch downloads:
F-Secure Anti-Virus for Microsoft Exchange Server 9.00 - 9.10 ftp://ftp.f-secure.com/support/hotfix/fsav-mse/FSAVMSE910-HF02.fsfix
ftp://ftp.f-secure.com/support/hotfix/fsav-mse/FSAVMSE910-HF02.jar
F-Secure Anti-Virus for Windows Servers 9.00 ftp://ftp.f-secure.com/support/hotfix/fsav-server/FSAVSRV900_HF09.fsfix
ftp://ftp.f-secure.com/support/hotfix/fsav-server/FSAVSRV900_HF09.jar
F-Secure Anti-Virus for Citrix Servers 9.00 ftp://ftp.f-secure.com/support/hotfix/fsav-server/FSAVSRV900_HF09.fsfix
ftp://ftp.f-secure.com/support/hotfix/fsav-server/FSAVSRV900_HF09.jar
F-Secure Email and Server Security 9.20 ftp://ftp.f-secure.com/support/hotfix/fsss/FSESS920-HF01.fsfix
ftp://ftp.f-secure.com/support/hotfix/fsss/FSESS920-HF01.jar
F-Secure Server Security 9.20 ftp://ftp.f-secure.com/support/hotfix/fsss/FSSS920-HF01.fsfix
ftp://ftp.f-secure.com/support/hotfix/fsss/FSSS920-HF01.jar