Skip to main content

F-Secure Gadget Resource Handler ActiveX Control "initialize()" Buffer Overflow Vulnerability

Last Update Date: 25 Aug 2011 09:25 Release Date: 25 Aug 2011 6250 Views

RISK: High Risk

TYPE: Security software and application - Security Software & Appliance

TYPE: Security Software & Appliance

A vulnerability has been identified in the F-Secure Gadget Resource Handler ActiveX Control, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the handling of the "initialize()" method and can be exploited to cause a stack-based buffer overflow via a specially crafted web page.

Successful exploitation allows execution of arbitrary code.


Impact

  • Remote Code Execution

System / Technologies affected

  • F-Secure Anti-Virus 2010
  • F-Secure Anti-Virus 2011
  • F-Secure Gadget Resource Handler ActiveX Control (fsresh.dll) 1.x
  • F-Secure Internet Security 2010
  • F-Secure Internet Security 2011

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Apply patches available via the automatic update channel.

Vulnerability Identifier

  • No CVE information is available

Source


Related Link