Vulnerability Details : CVE-2008-1412
Unspecified vulnerability in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, allows remote attackers to execute arbitrary code or cause a denial of service (hang or crash) via a malformed archive that triggers an unhandled exception, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
Vulnerability category: Input validation, Execute code, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2008-1412
Probability of exploitation activity in the next 30 days: 7.25%
Percentile, the proportion of vulnerabilities that are scored at or less: ~93%
CVSS scores for CVE-2008-1412
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST |
CWE ids for CVE-2008-1412
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-1412
- http://www.securitytracker.com/id?1019619
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41234
- http://www.securitytracker.com/id?1019618
- http://www.securitytracker.com/id?1019620
- http://www.vupen.com/english/advisories/2008/0903/references
- http://www.f-secure.com/security/fsc-2008-2.shtml (Patch)
- http://www.securityfocus.com/bid/28282
- http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
- http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/
- http://support.f-secure.com/enu/corporate/downloads/hotfixes/av-cs-hotfixes.shtml
- http://support.f-secure.com/enu/corporate/downloads/hotfixes/av-mimesweeper-hotfixes.shtml
Products affected by CVE-2008-1412
- cpe:2.3:a:f-secure:f-secure_anti-virus:2006:*:*:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_anti-virus:2007:*:*:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_anti-virus:2007:second_edition:*:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_anti-virus:2008:*:*:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_internet_security:2006:*:*:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_internet_security:2007:*:*:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_internet_security:2008:*:*:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_internet_security:2007:second_edition:*:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_anti-virus_client_security:*:*:*:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_anti-virus_linux_client_security:*:*:*:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_anti-virus_for_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_anti-virus_for_workstations:*:*:*:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_protection_service_for_business:*:*:*:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_protection_service_for_consumers:*:*:*:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_mobile_antivirus_for_s60:2nd_edition:*:*:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_mobile_antivirus_for_windows_mobile:2003:*:*:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_mobile_antivirus_for_windows_mobile:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_mobile_antivirus_for_windows_mobile:6:*:*:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_mobile_security_for_series_80:*:*:*:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_client_security:*:*:*:*:*:*:*:*