CVE-2008-0792 - 漏洞详情

CVE-2008-0792 (CNNVD-200802-310)

MEDIUM

中文标题:

多个F-Secure anti-virus产品权限许可和访问控制漏洞

英文标题:

Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 200...

CVSS分数: 5.8

发布时间: 2008-02-15 01:00:00

漏洞类型: 授权问题

状态: PUBLISHED

数据质量分数: 0.30

数据版本: v3

漏洞描述

中文描述:

多个F-Secure anti-virus产品存在权限许可和访问控制漏洞。多个F-Secure anti-virus产品，包括Internet Security 2006 至2008，Anti-Virus 2006至2008，F-Secure Protection Service以及其它产品，会允许远程攻击者通过一个精心设计的CAB档案文件来绕过漏洞检查。

英文描述:

Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted CAB archive.

CWE类型:

CWE-264

受影响产品

厂商	产品	版本	版本范围	平台	CPE
f-secure	f-secure_anti-virus	2006	-	-	`cpe:2.3:a:f-secure:f-secure_anti-virus:2006:::::::*`
f-secure	f-secure_anti-virus	2007	-	-	`cpe:2.3:a:f-secure:f-secure_anti-virus:2007:::::::*`
f-secure	f-secure_anti-virus	2008	-	-	`cpe:2.3:a:f-secure:f-secure_anti-virus:2008:::::::*`
f-secure	f-secure_anti-virus_client_security	6.03	-	-	`cpe:2.3:a:f-secure:f-secure_anti-virus_client_security:6.03:::::::*`
f-secure	f-secure_anti-virus_client_security	6.04	-	-	`cpe:2.3:a:f-secure:f-secure_anti-virus_client_security:6.04:::::::*`
f-secure	f-secure_anti-virus_client_security	7.01	-	-	`cpe:2.3:a:f-secure:f-secure_anti-virus_client_security:7.01:::::::*`
f-secure	f-secure_anti-virus_client_security	7.10	-	-	`cpe:2.3:a:f-secure:f-secure_anti-virus_client_security:7.10:::::::*`
f-secure	f-secure_anti-virus_for_linux	4.65	-	-	`cpe:2.3:a:f-secure:f-secure_anti-virus_for_linux:4.65:::::::*`
f-secure	f-secure_anti-virus_for_workstations	5.44	-	-	`cpe:2.3:a:f-secure:f-secure_anti-virus_for_workstations:5.44:::::::*`
f-secure	f-secure_anti-virus_for_workstations	7.00	-	-	`cpe:2.3:a:f-secure:f-secure_anti-virus_for_workstations:7.00:::::::*`
f-secure	f-secure_anti-virus_for_workstations	7.10	-	-	`cpe:2.3:a:f-secure:f-secure_anti-virus_for_workstations:7.10:::::::*`
f-secure	f-secure_anti-virus_linux_client_security	5.52	-	-	`cpe:2.3:a:f-secure:f-secure_anti-virus_linux_client_security:5.52:::::::*`
f-secure	f-secure_anti-virus_linux_client_security	5.53	-	-	`cpe:2.3:a:f-secure:f-secure_anti-virus_linux_client_security:5.53:::::::*`
f-secure	f-secure_internet_security	2006	-	-	`cpe:2.3:a:f-secure:f-secure_internet_security:2006:::::::*`
f-secure	f-secure_internet_security	2007	-	-	`cpe:2.3:a:f-secure:f-secure_internet_security:2007:::::::*`
f-secure	f-secure_internet_security	2008	-	-	`cpe:2.3:a:f-secure:f-secure_internet_security:2008:::::::*`
f-secure	f-secure_protection_service_for_business	*	-	-	`cpe:2.3:a:f-secure:f-secure_protection_service_for_business::::::::`
f-secure	f-secure_protection_service_for_consumers	*	-	-	`cpe:2.3:a:f-secure:f-secure_protection_service_for_consumers::::::::`

解决方案

中文解决方案:

（暂无数据）

英文解决方案:

（暂无数据）

临时解决方案:

（暂无数据）

参考链接

fsecure-cab-rar-security-bypass(40480) vdb-entry
cve.org

访问

1019405 vdb-entry
cve.org

访问

1019412 vdb-entry
cve.org

访问

28919 third-party-advisory
cve.org

访问

无标题 x_refsource_CONFIRM
cve.org

访问

1019413 vdb-entry
cve.org

访问

ADV-2008-0544 vdb-entry
cve.org

访问

CVSS评分详情

5.8

MEDIUM

CVSS向量: AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS版本: 2.0

机密性

PARTIAL

完整性

PARTIAL

可用性

NONE

时间信息

发布时间:

2008-02-15 01:00:00

修改时间:

2024-08-07 08:01:39

创建时间:

2025-11-11 15:32:50

更新时间:

2025-11-11 15:49:24

利用信息

暂无可利用代码信息

数据源详情

数据源	记录ID	版本	提取时间
CVE	`cve_CVE-2008-0792`	2025-11-11 15:17:58	2025-11-11 07:32:50
NVD	`nvd_CVE-2008-0792`	2025-11-11 14:52:33	2025-11-11 07:41:36
CNNVD	`cnnvd_CNNVD-200802-310`	2025-11-11 15:09:00	2025-11-11 07:49:24

版本与语言

当前版本: v3

主要语言: EN

支持语言:

EN ZH

安全公告

暂无安全公告信息

变更历史

v3 CNNVD

2025-11-11 15:49:24

vulnerability_type: 未提取 → 授权问题; cnnvd_id: 未提取 → CNNVD-200802-310; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']

查看详细变更

vulnerability_type: 未提取 -> 授权问题
cnnvd_id: 未提取 -> CNNVD-200802-310
data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']

v2 NVD

2025-11-11 15:41:36

cvss_score: 未提取 → 5.8; cvss_vector: NOT_EXTRACTED → AV:N/AC:M/Au:N/C:P/I:P/A:N; cvss_version: NOT_EXTRACTED → 2.0; affected_products_count: 0 → 18; data_sources: ['cve'] → ['cve', 'nvd']

查看详细变更

cvss_score: 未提取 -> 5.8
cvss_vector: NOT_EXTRACTED -> AV:N/AC:M/Au:N/C:P/I:P/A:N
cvss_version: NOT_EXTRACTED -> 2.0
affected_products_count: 0 -> 18
data_sources: ['cve'] -> ['cve', 'nvd']

CVE-2008-0792 (CNNVD-200802-310)

中文标题:

多个F-Secure anti-virus产品 权限许可和访问控制漏洞

英文标题:

Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 200...

漏洞描述

中文描述:

英文描述:

CWE类型:

标签:

受影响产品

解决方案

中文解决方案:

英文解决方案:

临时解决方案:

参考链接

CVSS评分详情

时间信息

利用信息

数据源详情

版本与语言

安全公告

变更历史

多个F-Secure anti-virus产品权限许可和访问控制漏洞