Vulnerabilities (CVE)

Filtered by vendor F-secure Subscribe
Filtered by product Internet Security
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-11644 1 F-secure 5 Client Security, Computer Protection, Internet Security and 2 more 2024-11-21 6.8 MEDIUM 7.8 HIGH
In the F-Secure installer in F-Secure SAFE for Windows before 17.6, F-Secure Internet Security before 17.6, F-Secure Anti-Virus before 17.6, F-Secure Client Security Standard and Premium before 14.10, F-Secure PSB Workstation Security before 12.01, and F-Secure Computer Protection Standard and Premium before 19.3, a local user can escalate their privileges through a DLL hijacking attack against the installer. The installer writes the file rm.exe to C:\Windows\Temp and then executes it. The rm.exe process then attempts to load several DLLs from its current directory. Non-admin users are able to write to this folder, so an attacker can create a malicious C:\Windows\Temp\OLEACC.dll file. When an admin runs the installer, rm.exe will execute the attacker's DLL in an elevated security context.
CVE-2009-1782 1 F-secure 6 Anti-virus, Client Security, Home Server Security and 3 more 2024-11-21 6.8 MEDIUM N/A
Multiple F-Secure anti-virus products, including Anti-Virus for Microsoft Exchange 7.10 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, Windows 6.61 and earlier, and Linux 2.16 and earlier; Internet Security 2009 and earlier, Anti-Virus 2009 and earlier, Client Security 8.0 and earlier, and others; allow remote attackers to bypass malware detection via a crafted (1) ZIP and (2) RAR archive.