>> F-Secure Products Web Console Requests Handling Buffer Overflow Vulnerability
Title : F-Secure Products Web Console Requests Handling Buffer Overflow Vulnerability VUPEN ID : VUPEN/ADV-2006-2076 CVE ID : CVE-2006-2838
Rated as : High Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2006-06-01
Technical Description
A vulnerability has been identified in F-Secure Anti-Virus for Microsoft Exchange and F-Secure Internet Gatekeeper, which could be exploited by attackers to take complete control of an affected system. This flaw is due to a buffer overflow error in the web console that does not properly handle specially crafted HTTP requests, which could be exploited by unauthenticated attackers to execute arbitrary commands.
Note : By default, connections to the web console are only allowed from localhost.
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback If you have additional information or corrections for this security advisory please submit them via our contact form.
