[原文]F-Secure Anti-Virus 2003 through 2006 and other versions, Internet Security 2003 through 2006, and Service Platform for Service Providers 6.x and earlier allows remote attackers to bypass anti-virus scanning via a crafted filename.
[CNNVD]F-Secure Anti-Virus/ Internet Security/Service Platform for Service Providers 特制文件名逃避扫描漏洞(CNNVD-200607-110)
F-Secure Anti-Virus 2003到2006及其他版本,Internet Security 2003到2006,以及Service Platform for Service Providers 6.x及之前版本可以使远程攻击者借助特制的文件名绕过防病毒扫描。
F-Secure Antivirus Crafted Executable Name Scan Bypass
Remote / Network Access
Loss of Integrity
F-Secure Antivirus contains a flaw that may allow a malicious user to bypass the real-time scanning functionality. The issue is triggered when an unspecified error occurs when handling executable programs where the name has been manipulated. It is possible that the flaw may allow malware execution on the system.
Currently, there are no known workarounds or upgrades to correct this issue. However, F-Secure Corporation has released a patch to address this vulnerability.