Vulnerability CVE-2008-1412 - CERT Civis.Net

Vulnerability Name:

CVE-2008-1412 (CCN-41234)

Assigned:

2008-03-17

Published:

2008-03-17

Updated:

2017-08-08

Summary:

Unspecified vulnerability in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, allows remote attackers to execute arbitrary code or cause a denial of service (hang or crash) via a malformed archive that triggers an unhandled exception, as demonstrated by the PROTOS GENOME test suite for Archive Formats.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-noinfo
CWE-20

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2008-1412

Source: CCN
Type: SA29397
F-Secure Archives Handling Unspecified Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
29397

Source: CCN
Type: SECTRACK ID: 1019618
F-Secure Internet Security Unhandled Exception in Processing Archives Lets Remote Users Execute Arbitrary Code

Source: CCN
Type: SECTRACK ID: 1019619
F-Secure Internet Gatekeeper Unhandled Exception in Processing Archives Lets Remote Users Execute Arbitrary Code

Source: CCN
Type: SECTRACK ID: 1019620
F-Secure Anti-Virus Unhandled Exception in Processing Archives Lets Remote Users Execute Arbitrary Code

Source: CONFIRM
Type: UNKNOWN
http://support.f-secure.com/enu/corporate/downloads/hotfixes/av-cs-hotfixes.shtml

Source: CONFIRM
Type: UNKNOWN
http://support.f-secure.com/enu/corporate/downloads/hotfixes/av-mimesweeper-hotfixes.shtml

Source: MISC
Type: UNKNOWN
http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html

Source: MISC
Type: UNKNOWN
http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/

Source: CCN
Type: F-Secure Security Bulletin FSC-2008-2
Archive handling vulnerability

Source: CONFIRM
Type: Patch
http://www.f-secure.com/security/fsc-2008-2.shtml

Source: CCN
Type: OSVDB ID: 43222
F-Secure Multiple Products Archive Handling Unspecified Code Execution

Source: BID
Type: UNKNOWN
28282

Source: CCN
Type: BID-28282
F-Secure Multiple Products Multiple Remote Archive Handling Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1019618

Source: SECTRACK
Type: UNKNOWN
1019619

Source: SECTRACK
Type: UNKNOWN
1019620

Source: VUPEN
Type: UNKNOWN
ADV-2008-0903

Source: XF
Type: UNKNOWN
fsecure-archives-code-execution(41234)

Source: XF
Type: UNKNOWN
fsecure-archives-code-execution(41234)

Vulnerable Configuration:

Configuration 1:

cpe:/a:f-secure:f-secure_anti-virus:2006:*:*:*:*:*:*:*

OR cpe:/a:f-secure:f-secure_anti-virus:2007:*:*:*:*:*:*:*

OR cpe:/a:f-secure:f-secure_anti-virus:2007:second_edition:*:*:*:*:*:*

OR cpe:/a:f-secure:f-secure_anti-virus:2008:*:*:*:*:*:*:*

OR cpe:/a:f-secure:f-secure_anti-virus_client_security:*:*:*:*:*:*:*:* (Version <= 6.04)

OR cpe:/a:f-secure:f-secure_anti-virus_for_linux:*:*:*:*:*:*:*:* (Version <= 4.65)

OR cpe:/a:f-secure:f-secure_anti-virus_for_workstations:*:*:*:*:*:*:*:* (Version <= 7.11)

OR cpe:/a:f-secure:f-secure_anti-virus_linux_client_security:*:*:*:*:*:*:*:* (Version <= 5.54)

OR cpe:/a:f-secure:f-secure_client_security:*:*:*:*:*:*:*:* (Version <= 7.11)

OR cpe:/a:f-secure:f-secure_internet_security:2006:*:*:*:*:*:*:*

OR cpe:/a:f-secure:f-secure_internet_security:2007:*:*:*:*:*:*:*

OR cpe:/a:f-secure:f-secure_internet_security:2007:second_edition:*:*:*:*:*:*

OR cpe:/a:f-secure:f-secure_internet_security:2008:*:*:*:*:*:*:*

OR cpe:/a:f-secure:f-secure_mobile_antivirus_for_s60:2nd_edition:*:*:*:*:*:*:*

OR cpe:/a:f-secure:f-secure_mobile_antivirus_for_windows_mobile:5.0:*:*:*:*:*:*:*

OR cpe:/a:f-secure:f-secure_mobile_antivirus_for_windows_mobile:6:*:*:*:*:*:*:*

OR cpe:/a:f-secure:f-secure_mobile_antivirus_for_windows_mobile:2003:*:*:*:*:*:*:*

OR cpe:/a:f-secure:f-secure_mobile_security_for_series_80:*:*:*:*:*:*:*:*

OR cpe:/a:f-secure:f-secure_protection_service_for_business:*:*:*:*:*:*:*:* (Version <= 3.10)

OR cpe:/a:f-secure:f-secure_protection_service_for_consumers:*:*:*:*:*:*:*:* (Version <= 7.00)

Configuration CCN 1:

cpe:/a:f-secure:f-secure_mobile_security_for_series_80:*:*:*:*:*:*:*:*

Denotes that component is vulnerable