Multiple AV vendor vulns - archived
FYI...
(See: https://knowledge.mcafee.com/article...AL_Public.html
"...before applying the HotFix...")
- http://secunia.com/advisories/24466/
Release Date: 2007-03-14
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software:
McAfee ePolicy Orchestrator 3.x
McAfee ProtectionPilot 1.x
...Successful exploitation allows execution of arbitrary code.
The vulnerabilities affect the following products:
* McAfee ePolicy Orchestrator 3.5.0 (Patch 5 and earlier)
* McAfee ePolicy Orchestrator 3.6.0 (Patch 5 earlier)
* McAfee ePolicy Orchestrator 3.6.1
* McAfee ProtectionPilot 1.1.1 (Patch 3 and earlier)
* McAfee ProtectionPilot 1.5.0
Solution: Apply hotfix/patch.
https://mysupport.mcafee.com/eservice_enu/start.swe ..."
-----------------------------------------------------------
- http://secunia.com/advisories/24450/
Release Date: 2007-03-15
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
...The vulnerability reportedly affects all Trend Micro products that use Scan Engine version 8.0 and above with Pattern File technology.
Solution: Update the virus pattern file to OPR 4.335.00 or higher...
Original Advisory: Trend Micro:
http://esupport.trendmicro.com/suppo...tID=EN-1034587 ..."
-----------------------------------------------------------
- http://support.f-secure.com/enu/corp...hotfixes.shtml
F-Secure Anti-Virus Client Security 6.02 and 6.03
Mar 12, 2007 - Client Security Hotfix FSAVCS603_HF02 (675 KB)
"This hotfix improves error handling in the parts of F-Secure BackWeb Client responsible for setting the Management Server address on the Client side."
FYI...
Kaspersky multiple vulns - updates available
- http://secunia.com/advisories/24778/
Release Date: 2007-04-05
Critical: Highly critical
Impact: Privilege escalation, DoS, System access, Exposure of sensitive information, Exposure of system information
Where: From remote
Solution Status: Vendor Patch
Solution: Update to version 6.0.2.614 or later.
Kaspersky Anti-Virus for Windows Workstations:
http://www.kaspersky.com/productupda...pter=146274385
Kaspersky Anti-Virus for Windows Server:
http://www.kaspersky.com/productupda...pter=146274391
Kaspersky Internet Security 6.0:
http://www.kaspersky.com/productupda...pter=186437046
Kaspersky Anti-Virus 6.0:
http://www.kaspersky.com/productupda...pter=186435857 ..."
.
FYI...
McAfee VirusScan vuln - update available
- http://secunia.com/advisories/24914/
Release Date: 2007-04-18
Critical: Moderately critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: McAfee VirusScan Enterprise 8.x
...The vulnerability reportedly affects versions 8.0i Patch 11 and prior.
Solution: Apply Patch 12 or later.
https://mysupport.mcafee.com/eservice_enu/start.swe ...
McAfee e-Business Svr DoS vuln - update available
- http://secunia.com/advisories/24893/
Release Date: 2007-04-18
Critical: Less critical
Impact: DoS
Where: From local network
Solution Status: Vendor Patch
Software: McAfee e-Business Server 8.x ...
Solution: Apply updates.
https://secure.nai.com/apps/download...ucts/login.asp ...
Original Advisory: McAfee:
http://preview.tinyurl.com/2wlsg9 ...
.
FYI...
avast! DoS Vuln - update available
- http://secunia.com/advisories/25137/
Release Date: 2007-05-08
Critical: Less critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
Software: avast! Home/Professional 4.x
...The vulnerability is reported in avast! Home Edition and avast! Professional Edition.
Solution: Update to version 4.7.981 or later...
Original Advisory:
avast!: http://www.avast.com/eng/avast-4-hom...n-history.html ..."
.
FYI...
McAfee SecurityCenter ActiveX vuln - updates available
- http://secunia.com/advisories/25173/
Release Date: 2007-05-09
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch ...
...The vulnerability affects versions -prior- to 7.2.147 and 6.0.25.
Solution: The fix has reportedly been available via automatic updates since March 22, 2007.
Update to Security Center version 7.2.147 and 6.0.25, or higher.
http://us.mcafee.com/root/login.asp ..."
FYI...
Trend Micro ServerProtect vuln - update available
- http://secunia.com/advisories/25186/
Last Update: 2007-05-09
Critical: Moderately critical
Impact: System access
Where: From local network
Solution Status: Vendor Patch
Software: Trend Micro ServerProtect for Windows/NetWare 5.x
...Successful exploitation of the vulnerabilities allows execution of arbitrary code...
Original Advisory: Trend Micro:
http://www.trendmicro.com/download_b...p?productid=17 ..."
> http://isc.sans.org/diary.html?storyid=2774
Last Updated: 2007-05-09 16:04:05 UTC
FYI...
NOD32 AV vuln - update available
- http://secunia.com/advisories/25375/
Release Date: 2007-05-23
Critical: Moderately critical
Impact: Privilege escalation, System access
Where: From remote
Solution Status: Vendor Patch
Software: NOD32 for Windows NT/2000/XP/2003 2.x
...Successful exploitation may allow execution of arbitrary code.
The vulnerabilities are reported in versions prior to 2.70.37.
Solution: Update to version 2.70.39.
http://www.eset.com/download/registered_software.php ..."
.
FYI...
- http://secunia.com/advisories/25380/
Release Date: 2007-05-24
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
...Successful exploitation may allow execution of arbitrary code.
The vulnerability reportedly affects versions prior to 4.7.766 for servers and 4.7.700 for the Managed Client product.
Solution: Update to the latest versions.
http://www.avast.com/eng/download.html
Original Advisory: avast!:
http://www.avast.com/eng/adnm-manage...n-history.html
http://www.avast.com/eng/avast-4-ser...n-history.html ..."
.
FYI...
- http://secunia.com/advisories/25417/
Release Date: 2007-05-29
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch...
Solution: Update to AVPack version 7.03.00.09 and Engine version 7.04.00.24. These updates have reportedly been made available since 2007-05-23...
Original Advisory: Avira:
http://forum.antivir-pe.de/thread.php?threadid=22528 ..."
.
FYI...
F-Secure Anti-Virus 5 hotfixes
> http://support.f-secure.com/enu/corp...hotfixes.shtml
------------------------------------------------
F-Secure Products vuln - updates available
- http://secunia.com/advisories/25426/
Release Date: 2007-05-30
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software:
F-Secure Anti-Virus 2005
F-Secure Anti-Virus 2006
F-Secure Anti-Virus 2007
F-Secure Anti-Virus 5.x
F-Secure Anti-Virus Client Security 6.x
F-Secure Anti-Virus for Citrix Servers 5.x
F-Secure Anti-Virus for Linux 4.x
F-Secure Anti-Virus for Microsoft Exchange 6.x
F-Secure Anti-Virus for MIMEsweeper 5.x
F-Secure Anti-Virus for Windows Servers 5.x
F-Secure Anti-Virus for Workstations 5.x
F-Secure Internet Gatekeeper 6.x
F-Secure Internet Gatekeeper for Linux 2.x
F-Secure Internet Security 2005
F-Secure Internet Security 2006
F-Secure Internet Security 2007 ...
The vulnerability is caused due to a boundary error in the processing of LHA archives and can be exploited to cause a buffer overflow when decompressing a specially crafted archive.
The vulnerability is related to #1 in: http://secunia.com/SA21996/
Successful exploitation may allow execution of arbitrary code.
Solution: Apply hotfixes.
F-Secure Internet Security 2005 - 2007: Hotfix distributed automatically.
F-Secure Anti-Virus 2005 - 2007: Hotfix distributed automatically.
F-Secure Protection Service for Consumers: Hotfix distributed automatically...
Original Advisory: F-Secure: http://www.f-secure.com/security/fsc-2007-1.shtml ..."
------------------------------------------------
F-Secure AV vuln - update available
- http://secunia.com/advisories/25439/
Release Date: 2007-05-30
Critical: Less critical
Impact: Privilege escalation
Where: Local system
Solution Status: Vendor Patch
Software:
F-Secure Anti-Virus 2005
F-Secure Anti-Virus 2006
F-Secure Anti-Virus 2007
F-Secure Anti-Virus 5.x
F-Secure Anti-Virus Client Security 6.x
F-Secure Anti-Virus for Citrix Servers 5.x
F-Secure Anti-Virus for MIMEsweeper 5.x
F-Secure Anti-Virus for Windows Servers 5.x
F-Secure Anti-Virus for Workstations 5.x
F-Secure Internet Security 2005
F-Secure Internet Security 2006
F-Secure Internet Security 2007
...The vulnerability is caused due to an error in the real-time scanning component and can be exploited to execute arbitrary code with escalated privileges via specially crafted I/O request packets.
Solution: F-Secure Internet Security 2005 - 2007: Hotfix distributed automatically.
F-Secure Anti-Virus 2005 - 2007: Hotfix distributed automatically.
F-Secure Protection Service for Consumers 5.00 - 6.40: Hotfix distributed automatically...
Original Advisory: F-Secure: http://www.f-secure.com/security/fsc-2007-2.shtml ..."
----------------------------
F-Secure Policy Mgr Svr DoS Vuln - update available
- http://secunia.com/advisories/25449/
Release Date: 2007-05-30
Critical: Less critical
Impact: DoS
Where: From local network
Solution Status: Vendor Patch
...The vulnerability is caused due to an error within the fsmsh.dll host module and can be exploited to e.g. crash the server by specifying NTFS reserved names as URL filenames. The vulnerability affects versions 7.00 and prior.
Solution: Update to 7.01 or apply hotfix. http://www.f-secure.com/webclub/fspm.html
ftp://ftp.f-secure.com/support/hotfi...70-hotfix2.zip ...
Original Advisory: F-Secure:
http://www.f-secure.com/security/fsc-2007-4.shtml ..."
.
