=====================================================================
                                    CERT-Renater

                         Note d'Information No. 2007/VULN370
_____________________________________________________________________

DATE                      : 28/09/2007

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows running F-Secure Anti-Virus.

======================================================================
F-Secure Security Bulletin FSC-2007-6

Vulnerabilities in scanning of specially crafted archives and certain packed
executables

Date issued 2007-09-27

Last updated 2007-09-27

Risk factor High (Low/Medium/High/Critical)

Brief description Specially crafted archives and packed executables
can bypass antivirus scanning.

Software F-Secure Anti-Virus for Windows Servers version 7.00

Affected versions F-Secure Anti-Virus for Windows Servers version 7.00

Affected platforms Windows Server 2003 64-bit edition for x64 processors

Bulletin location http://www.f-secure.com/security/fsc-2007-6.shtml

Issue: Placing a specially crafted archive or packed executable into
the system32 folder may allow an attacker to bypass F-Secure's
antivirus.
   _________________________________________________________________

Products: F-Secure Anti-Virus for Windows Servers version 7.00
Risk Factor: High
   _________________________________________________________________

Mitigating Factors:
   * Exploitation of the vulnerabilities requires specially crafted
     archives or packed executables
   * Issue only exists on 64-bit server platforms
   * There are no known exploits.

Patch availability:
Product                                  Versions Download
F-Secure Anti-Virus for Windows Servers  7.00
ftp://ftp.f-secure.com/support/hotfix/fsav/fsav720-01-signed.fsfix

Credits: F-Secure wants to thank Mr Papadorotheoun for pinpointing
this issue.

Revision History: FSC-2007-6 - 2007-09-27

Contact Information:
Support: http://support.f-secure.com/enu/home/contactus/
Security: http://www.f-secure.com/security/
URL: http://www.f-secure.com/


======================================================================

           =========================================================
           Les serveurs de référence du CERT-Renater
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================